Towards Digital Investigation in Virtual Networks: A Study of Challenges and Open Problems
Authors: Daniel Spiekermann, Tobias Eggendorfer
Published in: 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016-08-01
DOI: https://doi.org/10.1109/ARES.2016.34
Citation count: 11
The evolution of virtualization techniques is still changing operating principles in today's datacenters (DC). The virtualization of ordinary servers was just the first step, which increased the dynamics and flexibility of the DC. Providers are now able to offer different virtual machines (VM) to their customers faster and with less overhead. But this provision raises new problems for the providers. Aspects like isolation, security or multi-tenancy are increasingly relevant and demand new setups in the DC. Current network infrastructures are not able to handle these aspects with an acceptable effort, but the development of virtual networks offers new possibilities, with benefits for the provider and the user. Based on a physical underlay network, different virtual networks can be defined, either by a provider or the customer. Protocols like VXLAN or GENEVE appear to eliminate restrictions of current networks. New paradigms like Software-Defined Networks (SDN) or Network Function Virtualization (NFV) offer new capabilities to redesign the whole network infrastructure in the DC. But digital investigation remains necessary regardless of all new paradigms and evolution. As a branch of digital investigation, network forensic investigation (NFI) is used to examine network traffic by capturing the data of a suspicious target system and analyzing this data. The modern virtual data centers and the implemented virtual networks impede NFI: proven techniques and methods fail because of the increased complexity of the new logical networks. Not only does the analysis of the new network protocols impede NFI; even the capture process of relevant data needs to be refined. In this paper, we analyze in detail the newly arising problems of digital investigation in virtual networks and explore the new challenges for NFI. Based on the discussion of network forensics, currently utilized methodologies and the new techniques of network virtualization, the arising problems are defined and classified in three categories. This classification helps to develop new methods and possible solutions, which might simplify further necessary investigations in cloud-computing environments.