Digital Forensics for Eucalyptus

Cloud computing is a paradigm that departs drastically from traditional computing architecture. Although it brings many advantages, such as the utility computing model, its design is not flawless: it suffers from many known computer vulnerabilities and, because of its inherent design, also introduces unique risks to information confidentiality, integrity and availability. As a result, digital forensics, which relies heavily on physical access to computing devices and application logs, has become one of the biggest challenges in cloud environments, where such access to devices and logs is not available. This paper highlights many of the digital forensics issues in cloud environments and tries to address some of them by identifying possible Syslog or Snort logs that can help in detecting cloud attacks or conducting digital forensics, based on an analysis of logs generated by Eucalyptus, an open source cloud computing software. We neither had access to a dataset of Eucalyptus logs, nor was it known that any such dataset existed that could be analyzed offline for digital forensics purposes. We therefore generated our own dataset by attacking Eucalyptus with many of the known cloud attacks and then analyzed the resulting dataset to identify possible log entries that could identify cloud attacks or help in conducting digital forensics in cloud environments.
