The Open University
Adaptive evidence collection in the cloud using attack scenarios

Pasquale, Liliana; Hanvey, Sorren; Mcgloin, Mark and Nuseibeh, Bashar (2016). Adaptive evidence collection in the cloud using attack scenarios. Computers & Security, 59 pp. 236–254.

Full text available as: PDF (Accepted Manuscript)
DOI: https://doi.org/10.1016/j.cose.2016.03.001

Abstract

The increase in crimes targeting the cloud is increasing the amount of data that must be analysed during a digital forensic investigation, exacerbating the problem of processing such data in a timely manner. Since collecting all possible evidence proactively could be cumbersome to analyse, evidence collection should focus mainly on gathering the data necessary to investigate potential security breaches that can exploit vulnerabilities present in a particular cloud configuration. Cloud elasticity can also change the attack surface available to an adversary and, consequently, the way potential security breaches can arise. Therefore, evidence collection should be adapted depending on changes in the cloud configuration, such as those determined by the allocation or deallocation of virtual machines. In this paper, we propose to use attack scenarios to configure more effective evidence collection for cloud services. In particular, evidence collection activities are targeted to detect potential attack scenarios that can violate existing security policies. These activities also adapt when new or different attack scenarios can take place due to changes in the cloud configuration. We illustrate our approach using examples of insider and outsider attacks. Our results demonstrate that using attack scenarios allows us to target evidence collection activities towards those security breaches that are likely, while saving the space and time necessary to store and process such data.

Item Type: Journal Item
Copyright Holders: 2016 Elsevier
ISSN: 0167-4048
Project Funding Details:
Funded Project Name | Project ID   | Funding Body
Not Set             | 10/CE/I1855  | Science Foundation Ireland
Not Set             | 13/RC/2094   | Science Foundation Ireland
Not Set             | 291652       | ERC
Keywords: forensic readiness; cloud computing; adaptive software; attack planning; digital investigation
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Interdisciplinary Research Centre: Centre for Policing Research and Learning (CPRL)
Centre for Research in Computing (CRC)
International Development & Inclusive Innovation
Item ID: 45768
Depositing User: Bashar Nuseibeh
Date Deposited: 23 Mar 2016 16:33
Last Modified: 27 Nov 2017 10:30
URI: http://oro.open.ac.uk/id/eprint/45768