The Cloud: Privacy and Forensics

2,601 views

Published on

Published in: Education
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,601
On SlideShare
0
From Embeds
0
Number of Embeds
488
Actions
Shares
0
Downloads
0
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

The Cloud: Privacy and Forensics

  1. 1. Cloud Forensics and Privacy Keyun Ruan keyun.ruan@ucd.ie Center for Cybersecurity and Cyber Crime Investigation University College Dublin National Library of Wales, Aberystwyth Sep 6 2012
  2. 2. Cloud Forensics: an Overview• Cloud computing - Essential characteristics - Service models - Deployment models - Cloud actors - Service Level Agreement• Digital Forensics• Multiple Dimensions - Technical - Legal - Organizational
  3. 3. Cloud Investigations• Internal Investigations - Security incidents - Policy violations - Regulatory compliance - Event management• External Investgations - Criminal case - Civil case
  4. 4. Forensic Implications of Cloud Reference Architecture Figure 1. NIST Cloud Conceptual Reference Model (Liu et al. 2011)
  5. 5. Service Models and the Split of Control Figure 2. Split of Control between Provider and Consumer
  6. 6. Forensic Artifacts in Cloud Environments • Service Layer - SaaS (Application Layer) - PaaS (Middleware Layer) - IaaS (OS Layer) • Resource Abstraction and Control Layer • Physical Resource Layer Figure 3. Cloud System Environment (Liu et al. 2011)
  7. 7. Cloud ProviderFigure 4. Cloud Provider Usage Scenario (Liu et al. 2011)
  8. 8. Cloud ConsumerFigure 5. Cloud Consumer Usage Scenario (Liu et al. 2011)
  9. 9. Cloud BrokerFigure 6. Cloud Broker Usage Scenario (Liu et al. 2011)
  10. 10. Cloud CarrierFigure 7. Cloud Carrier Usage Scenario (Liu et al. 2011)
  11. 11. Cloud AuditorFigure 8. Cloud Auditor Usage Scenario (Liu et al. 2011)
  12. 12. Cloud Actors Interaction Scenario 1 Figure 9. Cloud Actors Interaction Scenario 1
  13. 13. Cloud Actors Interaction Scenario 2 Figure 10. Cloud Actors Interaction Scenario 2
  14. 14. Cloud Actors Interaction Scenario 3 Figure 11. Cloud Actors Interaction Scenario 3
  15. 15. Public CloudForensic Case 1: Cloud Consumers Forensic Case 2: Cloud Consumersaccessing the Cloud over a network Accessing the Cloud from within the enterprise network Figure 12. Public Cloud Deployment (Liu et al. 2011)
  16. 16. Private CloudForensic Case 1: On‐site Forensic Case 2:Private Cloud Out‐sourced Private Cloud Figure 13. Private Cloud Deployment (Liu et al. 2011)
  17. 17. Community CloudForensic Case 1: On‐site Forensic Case 2: OutsourcedCommunity Cloud Community Cloud Figure 14. Community Cloud Deployment (Liu et al. 2011)
  18. 18. Hybrid CloudFigure 15. Hybrid Cloud Deployment (Liu et al. 2011)
  19. 19. Cloud Forensics: Challenges• Forensic acquisition • Identity and anonymity• Evidence segregation management• Virtualized environment • Data recovery• Data location • Proliferation of endpoints• Forensic staffing • Time synchronization• External dependency • Log management chains • Encryption and key• Service Level Agreement management• Multiple jurisdiction, multiple tenancy, multiple ownership
  20. 20. Cloud Forensics: Opportunities• Cost effectiveness• Data abundance• Overall robustness• Scalability and flexibility• Policies and standards• Forensic‐as‐a‐Service (FaaS)
  21. 21. Survey on Cloud Forensics and CriticalCriteria for Cloud Forensic Capability • 257 respondents Figure 16. Impact of Cloud Computing on Forensics
  22. 22. Top Challenges•  Jurisdiction (89.43% significant or very significant, 59.62% very significant) •  Lack of international collaboration and legislative mechanism in cross - nation data access and exchange (84.77% significant or very significant)•  Investigating external chain of dependencies of the cloud provider (e.g., a cloud provider can use the service from another provider) (80.96% significant or very significant)•  Decreased access to and control over forensic data at all levels from customer side (78.3% significant or very significant)•  Lack of law/regulation and law advisory (76.19% significant or very significant)
  23. 23. Key Terms for the Service Level Agreement • Cloud offering • Technical dimension • Organizational dimension • Legal dimension • Auditing
  24. 24. ISO SeriesSource: Marshall A.M. (2011) Standards, regulation & quality in digitalinvestigations: The state we are in, Digital Investigation 8 p141-‐‐144
  25. 25. “The first requisite of civilizationis that of justice” Sigmund Freud
  26. 26. THANK YOU!@ruankeyunkeyun.ruan@ucd.ie

×