Towards incident handling in the cloud: Challenges and approaches

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2010, Pages 77-85

  Grobauer, Bernd ^a   Schreck, Thomas ^a  

^a SIEMENS AG   (Germany)

Author keywords

CERT; Cloud computing; CSIRT; Incident handling

Indexed keywords

CERT; CLOUD COMPUTING; CLOUD SERVICES; CSIRT; HANDLING PROCESS; INCIDENT HANDLING; INTEGRAL PART; OPERATIONAL MODEL; RESEARCH AGENDA; SECURITY INCIDENT; SECURITY MANAGEMENT;

SECURITY OF DATA;

COMPUTER SYSTEMS;

EID: 78650100295     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1866835.1866850     Document Type: Conference Paper

References (31)

1. W. H. Baker, A. Hutton, C. D. Hylender, C. Novak, C. Porter, B. Sartin, P. Tippett, and J. A. Valentine. Verizon 2009 Data Breach Investigations Report, 2009.
2. D. Brezinski and T. Killalea. Guidelines for Evidence Collection and Archiving. RFC 3227 (Best Current Practice), Feb. 2002.
3. N. Brownlee and E. Guttman. Expectations for Computer Security Incident Response. RFC 2350 (Best Current Practice), June 1998.
4. R. M. Bryan Casper. Incident response in virtual environments: Challenges in the cloud. In 22nd Annual FIRST Conference, Miami, USA, June 2010.
5. Y. Chen, V. Paxson, and R. H. Katz. What's new about cloud computing security? Technical Report UCB/EECS-2010-5, EECS Department, University of California, Berkeley, Jan 2010.
6. M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni. Cloud security is not (just) virtualization security. In Proceedings of CCSW 2009: The ACM Cloud Computing Security Workshop, Nov. 2009.
7. Cloud Security Alliance. Trusted Cloud Initiative. http://www. cloudsecurityalliance.org/trustedcloud.html.
8. D. Crocker. Mailbox Names for Common Services, Roles and Functions. RFC 2142 (Proposed Standard), May 1997.
9. R. Danyliw, J. Meijer, and Y. Demchenko. The Incident Object Description Exchange Format. RFC 5070 (Proposed Standard), Dec. 2007.
10. W. Dawoud, I. Takouna, and C. Meinel. Infrastructure as a service security: Challenges and solutions. In The 7th International Conference on Informatics and Systems (INFOS). IEEE Computer Society, 2010.
11. H. Debar, D. Curry, and B. Feinstein. The Intrusion Detection Message Exchange Format (IDMEF). RFC 4765 (Experimental), Mar. 2007.
12. ENISA. Cloud computing information assurance framework - ENISA. http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing- information-assurance-framework.
13. T. Grance, K. Kent, and B. Kim. NIST SP800-61 computer security incident handling guide.
14. B. Grobauer, T. Walloschek, and E. Stöcker. Understanding cloud-computing vulnerabilities. IEEE Security & Privacy, 2010. To appear.
15. Honeynet Project & Research Alliance. Honeywall CDROM Roo, Aug. 2005. http://www.honeynet.org.
16. International Organization for Standardization, Geneva, Switzerland. ISO/IEC 27002:2005 Information technology - Security techniques - Code of practice for information security management, 2005.
17. IT Governance Institute, Rolling Meadows, Illinois, USA. CobiT 4.1, 2007.
18. A. Khajeh-Hosseini, I. Sommerville, and I. Sriram. Research challenges for enterprise cloud computing. CoRR, abs/1001.3257, 2010.
19. P. Mell and T. Grance. Draft NIST working definition of cloud computing, Aug. 2009.
20. Microsoft. Computer Online Forensic Evidence Extractor (COFEE). http://www.microsoft.com/industry/government/solutions/cofee/default.aspx.
21. B. D. Payne, M. D. P. de Carbone, and W. Lee. Secure and flexible monitoring of virtual machines. In Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, pages 385-397, 2007.
22. PCI Security Standards Council. Payment Card Industry (PCI) Data Security Standard v1.2.1, July 2009.
23. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In CCS '09: Proceedings of the 16th ACM conference on Computer and communications security, pages 199-212, New York, NY, USA, November 2009. ACM.
24. S. Roschke, F. Cheng, and C. Meinel. Intrusion detection in the cloud. In Dependable, Autonomic and Secure Computing, IEEE International Symposium on, volume 0, pages 729-734, Los Alamitos, CA, USA, 2009. IEEE Computer Society.
25. R. Rounsavall. Forensics considerations in the next generation cloud environments. In 22nd Annual FIRST Conference, Miami, USA, June 2010.
26. N. Ruff. Windows memory forensics. Journal in Computer Virology, 4(2):83-100, 2008.
27. A. Schuster. Searching for processes and threads in microsoft windows memory dumps. Digital Investigation, 3(Supplement 1):10-16, 2006.
28. The Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS '06).
29. The CEE Board. Common event expression, 2008. http://cee.mitre.org/docs/ Common-Event-Expression-White-Paper-June-2008.pdf.
30. The Open Group. Distributed audit service (XDAS) - preliminary specification, Jan. 1997. http://www.opengroup.org/bookstore/catalog/p441.htm.
31. M. West Brown, D. Stikvoort, K.-P. Kossakowski, G. Killcrece, R. Ruefle, and M. Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs). Technical Report CMU/SEI-2003-HB-002, Carnegie Mellon SEI, 2003.