Secure Evidence Collection and Storage for Cloud Accountability Audits

Thomas Ruebsamen, Tobias Pulls, Christoph Reich

2015

Abstract

Cloud accountability audits can be used to strengthen cloud service customers' trust in cloud computing by providing reassurance that personal or confidential data is processed correctly in the cloud. However, such audits require various kinds of information to be collected, ranging from authentication and data access logging to location information, information on security controls and incident detection. Correct data processing has to be proven, which immediately shows the need for secure evidence record storage that also scales with the huge number of data sources as well as cloud customers. In this paper, we introduce Insynd as a suitable cryptographic mechanism for storing evidence for accountability audits in our previously proposed cloud accountability audits architecture. We present our reasoning for choosing Insynd by comparing the properties of Insynd with the requirements imposed by accountability evidence collection, and by analysing how Insynd mitigates the relevant security threats. Additionally, we describe an agent-based evidence collection process with a special focus on security and privacy protection.

Paper Citation

in Harvard Style

Ruebsamen T., Pulls T. and Reich C. (2015). Secure Evidence Collection and Storage for Cloud Accountability Audits. In Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-104-5, pages 321-330. DOI: 10.5220/0005408403210330

in Bibtex Style

@conference{closer15,
author={Thomas Ruebsamen and Tobias Pulls and Christoph Reich},
title={Secure Evidence Collection and Storage for Cloud Accountability Audits},
booktitle={Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2015},
pages={321-330},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005408403210330},
isbn={978-989-758-104-5},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Secure Evidence Collection and Storage for Cloud Accountability Audits
SN - 978-989-758-104-5
AU - Ruebsamen T.
AU - Pulls T.
AU - Reich C.
PY - 2015
SP - 321
EP - 330
DO - 10.5220/0005408403210330