As cloud computing gains a firm foothold as an information technology (IT) business solution, an increasing number of enterprises are considering it as a possible migration route for their IT infrastructures and business operations. The centralization of data in the cloud has not gone unnoticed by criminal elements and, as such, data centers and cloud providers have become targets for attack. Traditional digital forensic methodologies are not well suited to cloud computing environments because of the use of remote storage and virtualization technologies. The task of imaging potential evidence is further complicated by evolving cloud environments and services such as infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). The implementation of forensics as a service (FaaS) appears to be the only workable solution, but until standards are formulated and implemented by service providers, the only option will be to use traditional forensic tools and rely on service level agreements to facilitate the extraction of digital evidence on demand. This paper explores the effect that cloud computing has on traditional digital forensic investigations and proposes some approaches to help improve cloud forensic investigations.
The detection of cyber attacks before they succeed represents an essential stage in the evolution of an attack-vector-centric security framework. Anti-virus, anti-malware and firewall detection and protection approaches are proving to be ineffective, and they were never designed with multi-tenant cloud environments in mind. Current security solution development is driven by the complexity of the gap analysis performed by hacker groups, and multi-tenant cloud solutions represent a significant target for such groups, so it is important for cloud providers to take pre-emptive steps to ensure the total security of their services. A multi-tenant environment, irrespective of the number of users, is still an individual system, and multi-tenant cloud solutions require active protection because the individual system components can still be compromised with a previously unknown attack vector. One possible solution to this growing security concern is an approach that continuously validates user interactions within a system and takes automated pre-emptive steps to protect the system's users. By gathering information on the attack vector and on the attackers themselves, it is possible to predict the aim of the attack, gauge the risk and make assumptions. The ultimate goal is to identify and close the attack vector during the attacker's gap analysis while ensuring at all times that the information gathered can be isolated to a legal forensic standard, so that malicious user activity information can be shared with authorities without the risk of accidentally leaking other tenants' data. This paper describes a possible system and methodology that would prevent the gap analysis phase of a cyber attack.