SecLaaS: Secure logging-as-a-service for cloud forensics

ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Volumn , Issue , 2013, Pages 219-230

  Zawoad, Shams ^a   Dutta, Amit Kumar ^a   Hasan, Ragib ^a  

^a UNIVERSITY OF ALABAMA AT BIRMINGHAM   (United States)

Author keywords

cloud forensics; cloud security; forensic investigation; logging as a service

Indexed keywords

CLOUD COMPUTING ARCHITECTURES; CLOUD FORENSICS; CLOUD INFRASTRUCTURES; CLOUD MANAGEMENTS; CLOUD SECURITIES; COMPUTING PARADIGM; FORENSIC INVESTIGATION; LOGGING-AS-A-SERVICE;

CLOUD COMPUTING;

COMPUTER FORENSICS;

EID: 84877990370     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2484313.2484342     Document Type: Conference Paper

References (32)

1. R. Accorsi. On the relationship of privacy and secure remote logging in dynamic systems. In Security and Privacy in Dynamic Environments, volume 201, pages 329-339. Springer US, 2006.
2. Amazon. Zeus botnet controller. http://aws.amazon.com/security/security- bulletins/zeus-botnet-controller/. [Accessed July 5th, 2012].
3. AWS. Amazon web services. http://aws.amazon.com. [Accessed July 5th, 2012].
4. J. Benaloh and M. De Mare. One-way accumulators: A decentralized alternative to digital signatures. In Advances in CryptologyâǍ EUROCRYPTâǍŹ93, pages 274-285. Springer, 1994.
5. D. Birk and C. Wegener. Technical issues of forensic investigatinos in cloud computing environments. Systematic Approaches to Digital Forensic Engineering, 2011.
6. B. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422-426, 1970.
7. Centers for Medicare and Medicaid Services. The health insurance portability and accountability act of 1996 (hipaa). http://www.cms.hhs.gov/ hipaa/, 1996. [Accessed July 5th, 2012].
8. Clavister. Security in the cloud. http://www.clavister.com/documents/ resources/white-papers/clavister-whp-security-in-the-cloud-gb.pdf. [Accessed July 5th, 2012].
9. Congress of the United States. Sarbanes-Oxley Act. http://thomas.loc.gov, 2002. [Accessed July 5th, 2012].
10. J. Dykstra and A. Sherman. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. DoD Cyber Crime Conference, January 2012.
11. FBI. Annualreport for fiscal year 2007. 2008 Regional Computer Forensics Laboratory Program, 2008. [Accessed July 5th, 2012].
12. Gartner. Worldwide cloud services market to surpass $68 billion in 2010. http://www.gartner.com/it/page.jsp?id=1389313, 2010. [Accessed July 5th, 2012].
13. M. Goodrich, R. Tamassia, and J. Hasić. An efficient dynamic and distributed cryptographic accumulator. Information Security, pages 372-388, 2002.
14. G. Grispos, T. Storer, and W. Glisson. Calm before the storm: The challenges of cloud computing in digital forensics. International Journal of Digital Crime and Forensics (IJDCF), 2012.
15. INPUT. Evolution of the cloud: The future of cloud computing in government. http://iq.govwin.com/corp/library/detail.cfm?ItemID=8448&cmp= OTC-cloudcomputingma042009, 2009. [Accessed July 5th, 2012].
16. K. Kent, S. Chevalier, T. Grance, and H. Dang. Guide to integrating forensic techniques into incident response. NIST Special Publication, pages 800-86, 2006.
17. A. Khajeh-Hosseini, D. Greenwood, and I. Sommerville. Cloud migration: A case study of migrating an enterprise it system to iaas. In proceedings of the 3rd International Conference on Cloud Computing (CLOUD), pages 450-457. IEEE, 2010.
18. D. Lunn. Computer forensics - an overview. SANS Institute, 2002, 2000.
19. D. Ma and G. Tsudik. A new approach to secure logging. Trans. Storage, 5(1):2:1-2:21, Mar. 2009.
20. Market Research Media. Global cloud computing market forecast 2015-2020. http://www.marketresearchmedia.com/2012/01/08/global-cloud-computing-market/. [Accessed July 5th, 2012].
21. R. Marty. Cloud application logging for forensics. In In proceedings of the 2011 ACM Symposium on Applied Computing, pages 178-184. ACM, 2011.
22. D. Reilly, C. Wren, and T. Berry. Cloud computing: Pros and cons for computer forensic investigations. 2011.
23. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, pages 199-212. ACM, 2009.
24. J. Robbins. An explanation of computer forensics. National Forensics Center, 774:10-143, 2008.
25. K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie. Cloud forensics: An overview. In proceedings of the 7th IFIP International Conference on Digital Forensics, 2011.
26. B. Schneier and J. Kelsey. Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur., 2(2):159-176, May 1999.
27. M. Taylor, J. Haggerty, D. Gresty, and R. Hegarty. Digital evidence in cloud computing systems. Computer Law & Security Review, 26(3):304-308, 2010.
28. Tikal. Experimenting with OpenStack Essex on Ubuntu 12.04 LTS under VirtualBox. http://bit.ly/LFsVUY, 2012. [Accessed November 30th, 2012].
29. J. Vacca. Computer forensics: computer crime scene investigation, volume 1. Delmar Thomson Learning, 2005.
30. J. Wiles, K. Cardwell, and A. Reyes. The best damn cybercrime and digital forensics book period. Syngress Media Inc, 2007.
31. A. Yavuz and P. Ning. Baf: An efficient publicly verifiable secure audit logging scheme for distributed systems. In Computer Security Applications Conference, 2009. ACSAC '09. Annual, pages 219-228, dec. 2009.
32. Z. Zafarullah, F. Anwar, and Z. Anwar. Digital forensics for eucalyptus. In Frontiers of Information Technology (FIT), pages 110-116. IEEE, 2011.