University of Limerick
Browse
- No file added yet -

Adaptive evidence collection in the cloud using attack scenarios

Download (1.51 MB)
journal contribution
posted on 2017-08-31, 09:24 authored by Liliana Pasquale, Sorren Hanvey, Mark Mcgloin, Bashar NuseibehBashar Nuseibeh
The increase in crimes targeting the cloud is increasing the amount of data that must be analysed during a digital forensic investigation, exacerbating the problem of processing such data in a timely manner. Since collecting all possible evidence proactively could be cumbersome to analyse, evidence collection should mainly focus on gathering the data necessary to investigate potential security breaches that can exploit vulnerabilities present in a particular cloud configuration. Cloud elasticity can also change the attack surface available to an adversary and, consequently, the way potential security breaches can arise. Therefore, evidence collection should be adapted depending on changes in the cloud configuration, such as those determined by allocation/deallocation of virtual machines. In this paper, we propose to use attack scenarios to configure more effective evidence collection for cloud services. In particular, evidence collection activities are targeted to detect potential attack scenarios that can violate existing security policies. These activities also adapt when new/different attack scenarios can take place due to changes in the cloud configuration. We illustrate our approach by using examples of insider and outsider attacks. Our results demonstrate that using attack scenarios allows us to target evidence collection activities towards those security breaches that are likely, while saving space and time necessary to store and process such data. (C) 2016 Elsevier Ltd. All rights reserved.

Funding

Study on Aerodynamic Characteristics Control of Slender Body Using Active Flow Control Technique

Japan Society for the Promotion of Science

Find out more...

History

Publication

Computers and Security;59, pp. 236-254

Publisher

Elsevier

Note

peer-reviewed

Other Funding information

SFI, ERC

Rights

This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 2016, 59, pp. 236-254,https://doi.org/10.1016/j.cose.2016.03.001

Language

English

Usage metrics

    University of Limerick

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC