Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations - Data and Applications Security and Privacy XXVII
Conference Papers, Year: 2013

Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations

Sean Thorpe
Tyrone Grandison
Abbie Barbir
Robert France

Abstract

Cloud Computing is an emerging model of computing where users can leverage the computing infrastructure as a service stack or commodity. The security and privacy concerns of this infrastructure arising from the large co-location of tenants are, however, significant and pose considerable challenges in its widespread deployment. The current work addresses one aspect of the security problem by facilitating forensic investigations to determine if these virtual tenant spaces were maliciously violated by other tenants. It presents the design, application and limitations of a software prototype called the Virtual Machine (VM) Log Auditor that helps in detecting inconsistencies within the activity timelines for a VM history. A discussion on modeling a consistent approach is also provided.
Main file
978-3-642-39256-6_7_Chapter.pdf (684.37 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01490726, version 1 (15-03-2017)

Cite

Sean Thorpe, Indrajit Ray, Tyrone Grandison, Abbie Barbir, Robert France. Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations. 27th Data and Applications Security and Privacy (DBSec), Jul 2013, Newark, NJ, United States. pp.97-112, ⟨10.1007/978-3-642-39256-6_7⟩. ⟨hal-01490726⟩