Not here
to
Case Study
Khatamm!!!!
SaaS
PaaS
IaaS
Service Models
Private
Public
Community
Hybrid
Deployment Models
Essential Services
The CLOUD
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable
resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
CLOUD FORENSICS
Cloud forensics is the application of
digital forensics science in cloud
computing environments. Technically,
it consists of a hybrid forensic
approach (e.g., remote, virtual,
network, live, large-scale, thin-client,
thick-client) towards the generation of
digital evidence.
Challenges in Cloud
Forensics
Multiple Venues
and Geo-locations
Geo-location unknowns can impact the Chain of
Custody in finding evidence and identifying
resources that are required for access to the system.
RAPID
ELASTICITY
Capabilities can be Elastically Provisioned and released to
scale rapidly outward and inward commensurate with
demand. To the consumer, the capabilities available for
provisioning often appear to be unlimited and can be
appropriated in any quantity at any time.
Volume of Data
and Users
No Real
Time
snapshot
Evidence Correlation
across Multiple cloud
Providers
Correlation of Activities across Cloud Providers is a
challenge; interoperability is an issue
Synchronization of
Timestamps
Unification of Log
Formats
Log formats
Use of MetaData
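The timestamp-synchronization and log-format problems listed above, worked through as an added example that is not part of the original slides. Both log formats, the account name, and the 20-second clock offset are constructed assumptions, not real provider formats.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records; both formats are hypothetical.
STORAGE_LOG = [  # storage provider: JSON lines, ISO 8601 with a UTC offset
    '{"ts": "2024-03-01T14:05:10+05:30", "user": "user-17", "op": "upload", "obj": "a.zip"}',
    '{"ts": "2024-03-01T14:09:00+05:30", "user": "user-17", "op": "share", "obj": "a.zip"}',
]
COMPUTE_LOG = [  # compute provider: epoch seconds followed by key=value fields
    "1709282200 account=user-17 event=vm_start id=vm-01",
    "1709282350 account=user-17 event=vm_stop id=vm-01",
]
# Seconds each provider's clock runs ahead of the reference clock (assumed measured).
CLOCK_SKEW = {"storage": 0, "compute": 20}

def parse_storage(line):
    rec = json.loads(line)
    return {"provider": "storage", "time": datetime.fromisoformat(rec["ts"]),
            "actor": rec["user"], "action": rec["op"], "target": rec["obj"]}

def parse_compute(line):
    epoch, rest = line.split(" ", 1)
    kv = dict(pair.split("=", 1) for pair in rest.split())
    return {"provider": "compute",
            "time": datetime.fromtimestamp(int(epoch), tz=timezone.utc),
            "actor": kv["account"], "action": kv["event"], "target": kv["id"]}

def unified_timeline(skew_seconds):
    """Map both formats to one schema, convert to UTC, remove clock skew, sort."""
    events = [parse_storage(l) for l in STORAGE_LOG]
    events += [parse_compute(l) for l in COMPUTE_LOG]
    for ev in events:
        skew = timedelta(seconds=skew_seconds.get(ev["provider"], 0))
        ev["time"] = ev["time"].astimezone(timezone.utc) - skew
    return sorted(events, key=lambda ev: ev["time"])

if __name__ == "__main__":
    for ev in unified_timeline(CLOCK_SKEW):
        print(ev["time"].isoformat(), ev["provider"], ev["actor"],
              ev["action"], ev["target"])
```

Without the skew correction the `vm_stop` event sorts after the `share` event; with it, the order reverses, which is the kind of discrepancy that matters when reconstructing a sequence of actions across providers.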
Single Point
of Failure
There is no single point of failure that would allow criminals to be
caught in a straightforward manner. A criminal organization
can choose one cloud provider as a storage solution (e.g.,
Dropbox), obtain compute services from a second cloud
provider (e.g., Amazon EC2), and route all of their
communications through a third (e.g., Gmail or Pastebin).
Errors in Cloud
Management Portal
Configurations
Vulnerabilities in management portal applications provided
by cloud Providers may be exploited by an unauthorized
individual to gain control, reconfigure, or delete another
cloud tenant's resources or applications.
Lack of transparency
Triggers lack of trust and
difficulties of auditing
For the investigator/evidence collector, collecting accurate,
complete, traceable, auditable and forensically sound evidence
is challenging because of multiple levels of computation
outsourcing and lack of transparency.
Outsourcing
Cloud Confiscation
and Resource
Seizure
For investigators, confiscation and seizure of cloud resources
to acquire evidence may pose a challenge because the
business continuity of other tenants may be adversely
affected.
Secure
Provenance
For law enforcement, ensuring proper chain of
custody and security of data, metadata, and possibly
hardware is a challenge because it may be difficult to
determine ownership, custody, or accurate location.
Chain of Custody of
Data
Because of the distributed, multi-layered nature of cloud
computing, the chain of custody of data may be impossible to
verify, to determine exactly where the data was stored, who
had access, and whether leakage or contamination of data
was possible.
If data is stored in a cloud where multiple users and cloud
Providers potentially have access, associating the data to the
suspect beyond a reasonable doubt is a challenge.
Chain of dependencies in
Multiple cloud systems
Cloud Providers often have dependencies on other cloud
Providers. For example, a cloud Provider that provides an
email application (SaaS) may depend on a third-party provider
to host log files (i.e., PaaS), which in turn may rely on a
partner who provides the infrastructure to store log files
(IaaS).
Dynamic Storage
Some cloud Providers dynamically allocate storage based on
the current needs of the user. As data is deleted from the
system, the storage is re-allocated to optimize data reads and
storage use.
Ambiguous
Trust
Boundaries
For investigators/evidence collectors, obtaining a non-corrupted, complete set of
data for forensic evidence poses a challenge in multi-tenant cloud environments
because not all vendors implement vertical isolation for consumers' data.
MULTI TENANCY
In cloud computing, multiple VMs can share the same
physical infrastructure, i.e., data for multiple customers
may be co-located. This nature of clouds is different from
the traditional single owner computer system.
MULTI TENANCY
How to prove that data were not
commingled with other users' data?
First,
VOLATILE DATA
Polly is a
criminal who
traffics in
Child
Pornography
Exact Duplicate,
A technician at the provider executes the search
order from his or her workstation, copying data
from the provider's infrastructure and verifying
data integrity with hashes of the files.
Distributed files across many physical machines
are reassembled automatically as the technician
accesses them.
> answerdena.py
LOGGING
When to log, What to log and
How to log.
CONTINUOUS SYNCHRONIZATION
Provenance in Clouds
Cloud provenance can be
Data provenance: Who created, modified,
deleted data stored in a cloud (external
entities change data)
Process provenance: What happened to
data once it was inside the cloud (internal
entities change data)
I'm at
- anupam605@gmail.com
- anupam.tiwari@nic.in
SIDE-CHANNEL ATTACKS
Using the Amazon EC2 service as a case study, we show that
it is possible to map the internal cloud infrastructure, identify
where a particular target VM is likely to reside, and then
instantiate new VMs until one is placed co-resident with the
target. We explore how such placement can then be used to
mount cross-VM side-channel attacks to extract information
from a target VM on the same machine.
Source : http://cloudsecurity.org/blog/2009/08/31/cloud-cartography-sidechannel-attacks.html