Digital Forensics for Eucalyptus

Zafarullah, Faiza Anwar, Z. Anwar
2011 Frontiers of Information Technology, published 2011-12-19. DOI: 10.1109/FIT.2011.28 (https://doi.org/10.1109/FIT.2011.28)
Citations: 68

Abstract

Cloud computing is a computing paradigm that departs drastically from traditional computing architecture. Although this new paradigm brings many advantages, such as the utility computing model, its design is not flawless: it suffers from many known computer vulnerabilities and, because of its inherent design, also introduces unique risks to information confidentiality, integrity and availability. As a result, digital forensics, which relies heavily on physical access to computing devices and application logs, has become one of the biggest challenges in cloud environments, where physical access to computing devices and application logs is not available. This paper highlights many of the digital forensics issues in cloud environments and tries to address some of them by identifying possible Syslog or Snort logs that can help in detecting cloud attacks or conducting digital forensics in cloud environments, based on an analysis of logs generated by the open-source cloud computing software Eucalyptus. We neither had access to a Eucalyptus log dataset, nor was any such dataset known to exist that could be analyzed offline for digital forensics purposes. We therefore generated our own dataset by attacking Eucalyptus with many of the known cloud attacks and then analyzed the resulting dataset to identify possible log entries that could identify cloud attacks or help in conducting digital forensics in cloud environments.