The Impact of Cloud Forensic Readiness on Security

Ahmed Alenezi, Nurul H N. Zulkipli, Hany F. Atlam, Robert J. Walters, Gary B. Wills

Abstract

The rapid increase in the use of cloud computing has led it to become a new arena for cybercrime. Since cloud environments are, to some extent, a new field for digital forensics, a number of technical, legal and organisational challenges have been raised. Although security and digital forensics share the same concerns, when an attack occurs, the fields of security and digital forensics are considered different disciplines. This paper argues that cloud security and digital forensics in cloud environments are converging fields. As a result, unifying security and forensics by being forensically ready and including digital forensics aspects in security mechanisms would enhance the security level in cloud computing, increase forensic capabilities and prepare organizations for any potential attack.

References

  1. Buyya, R. Yeoa, C. Venugopala, S. Broberga, J., Brandicc, I. 2009. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), pp.599-616.
  2. Biggs, S. & Vidalis, S., 2009. International Conference for Internet Technology and Secured Transactions, pp.1-6.
  3. Chou, T., 2013. Security Threats on Cloud Computing Vulnerabilities. International Journal of Computer Science and Information Technology, 5(3), pp.79-88.
  4. Chouhan, P. & Singh, R., 2016. Security Attacks on Cloud Computing With Possible Solution. International Journal of Advanced Research in Computer Science and Software Engineering, 6(1), pp.92-96.
  5. Ertaul, L., Singhal, S. & Saldamli, G., 2010. Security Challenges in Cloud Computing. Security & Management, pp.36-42.
  6. Fonseca, N.L.S. & Boutaba, R., 2015. Cloud Services, Networking, and Management. In Cloud Services, Networking, and Management. pp. 153-190.
  7. Grobler, C. & Louwrens, C., 2007. Digital Forensic Readiness as a Component of Information Security Best Practice. IFIP International Information Security Conference, 232, pp.13-24.
  8. Grispos, G., Storer, T. & Glisson, W., 2012. Calm before the storm: the challenges of cloud computing in digital forensics. International Journal of Digital Crime and Forensics, 4(2), pp.28-48.
  9. Gary L Palmer. (2001). A Road Map for Digital Forensic Research. Technical Report DTR-T0010- 01, DFRWS. Report for the First Digital Forensic Research Workshop (DFRWS).
  10. Heiser, J. & Nicolett, M., 2008. Assessing the Security Risks of Cloud Computing. Gartner Research, (June), pp.1-6.
  11. Haggerty, J. & Taylor, M., 2006. Managing corporate computer forensics. Computer Fraud and Security, 2006(6), pp.14-16.
  12. Hewling, M.O. (2013) Digital forensics: an integrated approach for the investigation of cyber/computer related crimes. PhD thesis. University of Bedfordshire.
  13. Jayaprakash Ramsaran, (2014), Cloud Computing: Benefits and Challenges [ONLINE]. Available at: https://www.linkedin.com/pulse/20140921193928- 23699310-cloud-computing-benefits-and-challenges [Accessed 15 December 2016].
  14. Kent, K., Chevalier, S., Grance, T. and Dang, H., 2006. Guide to integrating forensic techniques into incident response. NIST Special Publication, (August), pp.800- 886.
  15. Marco, L. De, Kechadi, M.-T. & Ferrucci, F., 2013. Cloud Forensic Readiness: Foundations. International Conference on Digital Forensics and Cyber Crime, pp.237-244.
  16. Mell, P. & Grance, T., 2011. The NIST definition of cloud computing. National Institute of Standards and Technology, 53(6).
  17. NIST Cloud Computing Forensic Science Working Group. (Draft NISTIR 8006), 2014. NIST Cloud Computing Forensic Science Challenges.
  18. Pangalos, G., Ilioudis, C. & Pagkalos, I., 2010. The importance of Corporate Forensic Readiness in the information security framework. Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on. IEEE, pp.12-16.
  19. Pangalos, G. & Katos, V., 2010. Information Assurance and Forensic Readiness. In International Conference on eDemocracy. Berlin: Springer, pp. 181-188.
  20. Pearson, S., 2013. Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer London.
  21. Pichan, A., Lazarescu, M. & Soh, S.T., 2015. Cloud forensics: Technical challenges, solutions and comparative analysis. Digital Investigation, 13, pp.38- 57.
  22. Rowlingson, R., 2004. A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence, 2(3), pp.1-28.
  23. Reilly, D., Wren, C. & Berry, T., 2010. Cloud computing: Forensic challenges for law enforcement. Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, pp.1-7.
  24. Ruan, K., Carthy, J., Kechadi, T. and Crosbie, M., 2011. Cloud forensics. Advances in Digital Forensics VII, IFIP Advances in Information and Communication Technology, 361, pp.35-46.
  25. Ruan, K., Carthy, J. and Kechadi, T., 2011. Survey on Cloud Forensics and Critical Criteria for Cloud Forensic Capability: A Preliminary Analysis. ADFSL Conference on Digital Forensics, Security and Law, pp.55-70.
  26. Ruan, K., James, J., Carthy, J. and Kechadi, T., 2012. Key Terms for Service Level Agreements to Support Cloud Forensics. IFIP International Conference on Digital Forensics, pp.201-212.
  27. Ruan, K., Carthy, J., Kechadi, T. and Baggili, I., 2013. Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), pp.34-43.
  28. Ruan, K. & Carthy, J., 2013. Cloud Forensic Maturity Model. Digital Forensics and Cyber Crime, pp.22-41.
  29. Sen, J., 2013. Security and Privacy Issues in Cloud Computing. Architectures and Protocols for Secure Information Technology, (iv), p.42.
  30. Subashini, S. & Kavitha, V., 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), pp.1-11.
  31. Tan, J., 2001. Forensic Readiness. In Cambridge: MA:@ Stake, pp. 1-21.
  32. Taylor, M., Haggerty, J., Gresty, D. and Hegarty, R., 2010. Digital evidence in cloud computing systems. Computer Law & Security Review, 26(3), pp.304-308.
  33. Thorpe, S., Grandison, T., Campbell, A., Williams, J., Burrell, K. and Ray, I., 2013. Towards a forensic-based service oriented architecture framework for auditing of cloud logs. 2013 IEEE Ninth World Congress on Services, pp.75-83.
  34. Vaquero, L.M., Rodero-Merino, L., Caceres, J. and Lindner, M., 2009. A Break in the Clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review, 39(1), pp.50-55.
  35. Weinhardt, C., Anandasivam, D.I.W.A., Blau, B., Borissov, D.I.N., Meinl, D.M.T., Michalk, D.I.W.W. and Stößer, J., 2009. Cloud Computing - A Classification, Business Models, and Research Directions. Business & Information Systems Engineering, p.391.
  36. Weiss, A., 2007. Computing in the Clouds. netWorker Magazine - Cloud computing: PC functions move onto the web, (Volume II, Issue 4), pp.16-25.
  37. Wolthusen, S.D., 2009. Overcast: Forensic discovery in cloud environments. In IMF 2009 - 5th International Conference on IT Security Incident Management and IT Forensics - Conference Proceedings. pp. 3-9.
  38. Yahya, F. et al., 2014. Security Challenges in Cloud Storage. 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.
  39. Zawoad, S. & Hasan, R., 2013. Digital Forensics in the Cloud. CrossTalk, (October), pp.17-20.
  40. Zawoad, S. and Hasan, R., 2013. Cloud forensics: a metastudy of challenges, approaches, and open problems. arXiv preprint arXiv:1302.6312.
  41. Zhang, Q., Cheng, L. & Boutaba, R., 2010. Cloud computing: State-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), pp.7-18.
  42. Zissis, D. & Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), pp.583-592.
Download


Paper Citation


in Harvard Style

Alenezi A., Zulkipli N., Atlam H., Walters R. and Wills G. (2017). The Impact of Cloud Forensic Readiness on Security . In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 539-545. DOI: 10.5220/0006332705390545


in Bibtex Style

@conference{closer17,
author={Ahmed Alenezi and Nurul H N. Zulkipli and Hany F. Atlam and Robert J. Walters and Gary B. Wills},
title={The Impact of Cloud Forensic Readiness on Security},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2017},
pages={539-545},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006332705390545},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - The Impact of Cloud Forensic Readiness on Security
SN - 978-989-758-243-1
AU - Alenezi A.
AU - Zulkipli N.
AU - Atlam H.
AU - Walters R.
AU - Wills G.
PY - 2017
SP - 539
EP - 545
DO - 10.5220/0006332705390545