Adaptive evidence collection in the cloud using attack scenarios. Issue 59 (June 2016)
- Record Type:
- Journal Article
- Title:
- Adaptive evidence collection in the cloud using attack scenarios. Issue 59 (June 2016)
- Main Title:
- Adaptive evidence collection in the cloud using attack scenarios
- Authors:
- Pasquale, Liliana
Hanvey, Sorren
Mcgloin, Mark
Nuseibeh, Bashar - Abstract:
- Abstract: The increase in crimes targeting the cloud is increasing the amount of data that must be analysed during a digital forensic investigation, exacerbating the problem of processing such data in a timely manner. Since collecting all possible evidence proactively could be cumbersome to analyse, evidence collection should mainly focus on gathering the data necessary to investigate potential security breaches that can exploit vulnerabilities present in a particular cloud configuration. Cloud elasticity can also change the attack surface available to an adversary and, consequently, the way potential security breaches can arise. Therefore, evidence collection should be adapted depending on changes in the cloud configuration, such as those determined by allocation/deallocation of virtual machines. In this paper, we propose to use attack scenarios to configure more effective evidence collection for cloud services. In particular, evidence collection activities are targeted to detect potential attack scenarios that can violate existing security policies. These activities also adapt when new/different attack scenarios can take place due to changes in the cloud configuration. We illustrate our approach by using examples of insider and outsider attacks. Our results demonstrate that using attack scenarios allows us to target evidence collection activities towards those security breaches that are likely, while saving space and time necessary to store and process such data.
- Is Part Of:
- Computers & security. Issue 59(2016)
- Journal:
- Computers & security
- Issue:
- Issue 59(2016)
- Issue Display:
- Volume 59, Issue 59 (2016)
- Year:
- 2016
- Volume:
- 59
- Issue:
- 59
- Issue Sort Value:
- 2016-0059-0059-0000
- Page Start:
- 236
- Page End:
- 254
- Publication Date:
- 2016-06
- Subjects:
- Forensic readiness -- Cloud computing -- Adaptive software -- Attack planning -- Digital investigation
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2016.03.001 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2569.xml