research-article

Cloud forensics challenges from a service model standpoint: IaaS, PaaS and SaaS

Authors:

Rajeev Agrawal,

Jessie J. WalkerAuthors Info & Claims

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

Pages 148 - 155

https://doi.org/10.1145/2857218.2857253

Published: 25 October 2015 Publication History

Abstract

Cloud computing is a promising and expanding technology which could replace traditional IT systems. Cloud computing resembles a giant pool of resources which contains hardware, software and related applications, which can be accessed through web-based services on a pay-per-usage model. The main features of the cloud model are accessibility, availability and scalability, and it can be subdivided into three service models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud computing continues to transform how security challenges are addressed in closed and private networks. Given the advanced functionality offered by cloud computing, network monitoring and digital forensics efforts are potentially detectable and service-interruptive, which significantly impacts the effectiveness and thoroughness of digital forensic methods. This paper presents a general view of cloud computing, which aims to highlight the security issues and vulnerabilities associated with cloud service models. The technology is mainly based on virtualization, where data is always volatile and typically stored in a de-centralized architecture located across various countries and regions. This presents forensics investigators with legal challenges, due to the nature of multi-tenancy and distributed shared resources. This paper examines the three cloud service models and discusses the security challenges and issues involved with each service model along with potential solutions for each.

References

[1]

Market Research Media, 2012. Global cloud computing market forecast 2015--2020. Retrieved from: http://www.marketresearchmedia.com/2012/01/08/global-cloud-computing-market/

[2]

Zawoad, S., and Hasan, R. 2013. Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems. Masters Thesis. University of Alabama at Birmingham Birmingham, Alabama.

[3]

Talbot, Chris (May 1, 2014). Talkin' Bitglass Report: Security Concerns Limit Cloud Adoption. Retrieved from: http://talkincloud.com/cloud-computing-research/050114/bitglass-report-security-concerns-limit-cloud-adoption

[4]

Shetty, Sony. 2013. Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by 2016. (October 2013) Retrieved December 12, 2013 from http://www.gartner.com/newsroom/id/2613015.

[5]

D. Reilly, C. Wren, and T. Berry, "Cloud computing: Pros and cons for computer forensic investigations," International Journal Multimedia and Image Processing (IJMIP), vol. 1, no. 1, pp. 26--34, 2011

[6]

P. Mell, and T. Grance, "The NIST definition of cloud computing," 2011.

[7]

Jackson, C., Agrawal R., Walker, J. & Grosky, W. 2014. Scenario-based Design for a cloud Forensics Portal. In Proceedings of the IEEE International Symposium on Technologies for Homeland Security, Waltham, MA, USA.

[8]

Brodkin, J. (2008). Gartner: Seven cloud-computing security risks. Infoworld, 2008, 1--3.

[9]

Zawoad, S., Dutta, A. K., & Hasan, R. (2013, May). SecLaaS: secure logging-as-a-service for cloud forensics. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (pp. 219--230). ACM.

Digital Library

[10]

Ruan, K., Baggili, I., Carthy, J., Kechadi, T. 2011. Survey on cloud forensics and critical criteria for cloud forensic capability: A preliminary analysis. ADFSL Conference on Digital Forensics, Security and Law.

[11]

Paul, A., Anvekar, K, M., Rishil, J., and Chandra, S, K. 2012. Cyber Forensics in Cloud Computing. Master Thesis. Department of Computer Science and Engineering, NITK, Surathkal, India

[12]

Birk, D. and Wegener, C. 2011. Technical Issues of Forensic Investigations in Cloud Computing Environments. Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop, (May 2011), 26--26.

Digital Library

[13]

Sang, T. (2013, January). A log based approach to make digital forensics easier on cloud computing. In Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on (pp. 91--94). IEEE.

Digital Library

[14]

Alvarado, M. D., Agrawal, R., & Baker, Y. (2013, April). Security mechanisms utilized in a secured cloud infrastructure. In Southeastcon, 2013 Proceedings of IEEE (pp. 1--5).

[15]

Rai, R., Sahoo, G. and Mehfuz, S. "Securing Software as a Service Model of Cloud Computing: Issues and Solutions," arXiv preprint arXiv:1309.2426, 2013.

[16]

Dykstra, J., & Sherman, A. T. (2012). Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, S90--S98.

[17]

Bouayad, A., Blilat, A., and Ghazi, M, E,. 2012. Cloud computing: Security challenges. 2012. Information Science and Technology (CIST), (Oct. 2012), 22--24.

[18]

Subashini. S., and Kavitha, V. 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34.1 (2011): 1--11.

Digital Library

[19]

Damshenas, M., Ali, D., Ramlan, M., and Shamsuddin, b. 2012. Forensics investigation challenges in cloud computing environments. Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference, (June.2012), 26--28.

[20]

Dawoud, W., Takouna, I., and Meinel, C,. 2010. Infrastructure as a service security: Challenges and solutions. In Informatics and Systems (INFOS), The 7th International Conference,(2010), 1--8.

[21]

Hay, B., Kara, N., and Matt, B. 2011. Storm Clouds Rising: Security Challenges for IaaS Cloud Computing. System Sciences (HICSS), 2011 44th Hawaii International Conference on, (7 Jan. 2011) 4--7.

Digital Library

[22]

Birk, D. and Wegener, C. Technical issues of forensic investigations in cloud computing environments. Systematic Approaches to Digital Forensic Engineering, 2011.

Digital Library

[23]

Dykstra, J. and Sherman, A. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. DoD Cyber Crime Conference, January 2012.

[24]

Marty, R. Cloud application logging for forensics. In In proceedings of the 2011 ACM Symposium on Applied Computing, pages 178--184. ACM, 2011.

Digital Library

[25]

Zafarullah, Z., Anwar, F. and Anwar, Z. Digital forensics for eucalyptus. In Frontiers of Information Technology (FIT), pages 110--116. IEEE, 2011.

Digital Library

[26]

Krautheim, F. J. "Private virtual infrastructure for cloud computing," In Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud'09). USENIX Association, Berkeley, CA, USA.

Digital Library

[27]

Birk, D. and Wegener, C. 2011. Technical Issues of Forensic Investigations in Cloud Computing Environments. Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop, (May 2011), 26--26.

Digital Library

[28]

Sandikkaya, M, T., and Harmanzi, A, E,. 2012. Security Problems of Platform-as-a-Service (PaaS) Clouds and Practical Solutions to the Problems. Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on. IEEE, 2012.

Digital Library

[29]

Vaultive Inc, 2014. Taking Control of Cloud Data: A Realistic Approach to Encryption of Cloud Data in Use. Retrieved from: http://www.vaultive.com/wp-content/uploads/2013/01/Taking-Control-of-Cloud-Data-A-Realistic-Approach-to-Encryption-of-Cloud-Data-in-Use.pdf

[30]

Nelson, G., Charles, M., Fernado, R., Marcos, S., Tereza, C., Mats, N. and Makan, P. 2012. A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing 1.1 (2012): 1--18.

[31]

CSA (2011) CSA TCI Reference Architecture. https://cloudsecurityalliance. org/wp-content/uploads/2011/11/TCI-Reference-Architecture-1.1.pdf

[32]

Claycomb, W. R., and Nicoll, A. (2012, July). Insider Threats to Cloud Computing: Directions for New Research Challenges. In Computer Software and Applications Conference (COMPSAC), (2012) 387--394.

Digital Library

[33]

Shin, D., Akkan, H., Claycomb, W. and Kim, K. 2011. Toward role-based provisioning and access control for infrastructure as a service (IaaS). Journal of Internet Services and Applications, (2011), 243--255.

[34]

Shin, D., Wang, Y., and Claycomb, W. 2012. A policy-based decentralized authorization management framework for cloud computing. In Proceedings of the 27th Annual ACM Symposium on Applied Computing, 465--470.

Digital Library

[35]

Höner, P. 2013. Cloud Computing Security Requirements and Solutions: a Systematic Literature Review. Master's Thesis, University of Twente, 7500AE Enschede, The Netherlands.

Cited By

Vetrova MIvanova D(2024)“Product as a Service” Business Model in the Context of the Development of a Digital Circular EconomyMultidisciplinary Analysis of Digital Transformation and Global Market Dynamics10.4018/979-8-3693-3423-2.ch001(1-24)Online publication date: 29-Nov-2024
https://doi.org/10.4018/979-8-3693-3423-2.ch001
Mušić DHribar JFortuna C(2024)Digital transformation with a lightweight on-premise PaaSFuture Generation Computer Systems10.1016/j.future.2024.06.026160(619-629)Online publication date: Nov-2024
https://doi.org/10.1016/j.future.2024.06.026
Vemula V(2023)Recent Advancements in Cloud Security Using Performance Technologies and Techniques2023 9th International Conference on Smart Structures and Systems (ICSSS)10.1109/ICSSS58085.2023.10407744(1-7)Online publication date: 23-Nov-2023
https://doi.org/10.1109/ICSSS58085.2023.10407744
Show More Cited By

Recommendations

Cloud Multi-Tenancy: Issues and Developments
UCC '17 Companion: Companion Proceedings of the10th International Conference on Utility and Cloud Computing

Cloud Computing (CC) is a computational paradigm that provides pay-per use services to customers from a pool of networked computing resources that are provided on demand. Customers therefore does not need to worry about infrastructure or storage. Cloud ...
The KOALA cloud management service: a modern approach for cloud infrastructure management
CloudCP '11: Proceedings of the First International Workshop on Cloud Computing Platforms

While the variety of public and private cloud infrastructure and storage service offerings increases, only few tools exist to efficiently manage hybrid cloud resources of different cloud providers. KOALA is a novel cloud management tool that allows to ...
Pricing as a Service: Personalized Pricing Strategy in Cloud Computing
CIT '12: Proceedings of the 2012 IEEE 12th International Conference on Computer and Information Technology

Cloud computing is emerging as a model in support of "everything-as-a-service". Virtualized physical resources, virtualized infrastructure, as well as virtualized middleware platforms and business applications are being provided and consumed as services ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

October 2015

271 pages

ISBN:9781450334808

DOI:10.1145/2857218

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

The French Chapter of ACM Special Interest Group on Applied Computing
IFSP: Federal Institute of São Paulo

In-Cooperation

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MEDES '15

Sponsor:

IFSP

MEDES '15: The 7th International Conference on Management of computational and collective IntElligence in Digital EcoSystems

October 25 - 29, 2015

Caraguatatuba, Brazil

Acceptance Rates

MEDES '15 Paper Acceptance Rate 13 of 64 submissions, 20%;

Overall Acceptance Rate 267 of 682 submissions, 39%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
1,710
Total Downloads

Downloads (Last 12 months)129
Downloads (Last 6 weeks)15

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Vetrova MIvanova D(2024)“Product as a Service” Business Model in the Context of the Development of a Digital Circular EconomyMultidisciplinary Analysis of Digital Transformation and Global Market Dynamics10.4018/979-8-3693-3423-2.ch001(1-24)Online publication date: 29-Nov-2024
https://doi.org/10.4018/979-8-3693-3423-2.ch001
Mušić DHribar JFortuna C(2024)Digital transformation with a lightweight on-premise PaaSFuture Generation Computer Systems10.1016/j.future.2024.06.026160(619-629)Online publication date: Nov-2024
https://doi.org/10.1016/j.future.2024.06.026
Vemula V(2023)Recent Advancements in Cloud Security Using Performance Technologies and Techniques2023 9th International Conference on Smart Structures and Systems (ICSSS)10.1109/ICSSS58085.2023.10407744(1-7)Online publication date: 23-Nov-2023
https://doi.org/10.1109/ICSSS58085.2023.10407744
Humayun MNiazi MAlmufareh MJhanjhi NMahmood SAlshayeb M(2022)Software-as-a-Service Security Challenges and Best Practices: A Multivocal Literature ReviewApplied Sciences10.3390/app1208395312:8(3953)Online publication date: 14-Apr-2022
https://doi.org/10.3390/app12083953
Alsayfi MDahab MEassa FSalama RHaridi SAl-Ghamdi A(2022)Securing Real-Time Video Surveillance Data in Vehicular Cloud Computing: A SurveyIEEE Access10.1109/ACCESS.2022.317455410(51525-51547)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3174554
Khoda Parast FSindhav CNikam SIzadi Yekta HKent KHakak S(2022)Cloud computing securityComputers and Security10.1016/j.cose.2021.102580114:COnline publication date: 1-Mar-2022
https://dl.acm.org/doi/10.1016/j.cose.2021.102580
Prakash VWilliams AGarg LSavaglio CBawa S(2021)Cloud and Edge Computing-Based Computer Forensics: Challenges and Open ProblemsElectronics10.3390/electronics1011122910:11(1229)Online publication date: 21-May-2021
https://doi.org/10.3390/electronics10111229
Mohd Nordin ALatih RAli N(2021)Software Development Productivity Model: Validation through Expert Review2021 International Conference on Electrical Engineering and Informatics (ICEEI)10.1109/ICEEI52609.2021.9611151(1-6)Online publication date: 12-Oct-2021
https://doi.org/10.1109/ICEEI52609.2021.9611151
Nanang HDurachman YMisman AZulkifli ZSukmana H(2021)Public Key Encryption in the Cloud Computing Environments: Trust and untrust2021 9th International Conference on Cyber and IT Service Management (CITSM)10.1109/CITSM52892.2021.9588879(1-5)Online publication date: 22-Sep-2021
https://doi.org/10.1109/CITSM52892.2021.9588879
Purnaye PKulkarni V(2021)A Comprehensive Study of Cloud ForensicsArchives of Computational Methods in Engineering10.1007/s11831-021-09575-w29:1(33-46)Online publication date: 29-Mar-2021
https://doi.org/10.1007/s11831-021-09575-w
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents