The primary focus of the literature search is to research the latest trends in log-analysis-based monitoring tools for the cloud that also provide forensic capabilities. Below we list our analysis of the papers we read that contain information related to our topic. We have analyzed various available tools and techniques that perform log analysis on a cloud. The motive is to create a novel log-based private cloud analysis built with the help of the OpenStack cloud operating system. The paper ‘Cloud Computing Log Forensics- The new frontier’ discusses the complications that arise when forensics is applied to the cloud [1]. Since there is no one to one mapping in cloud and cloud forensics involves evidence
The paper proposes solutions to the aforementioned issues in a very detailed manner. The paper ‘Log file's centralization to improve cloud security’ proposes a centralized, secure and comprehensive architecture for log-based analysis on a cloud computing platform [3]. It suggests using the logs generated by the cloud's various activities, defining policies for which log files should be kept and which must be transferred, and reporting attacks and threats based on the analysis of these logs. Algorithms like map-reduce are applied to report patterns that can lead to attacks, based on comparison with stored values. The policies are then updated based on new findings made during the analysis of the log files. The paper ‘Event Correlation for Log Analysis in the Cloud’ proposes an approach for correlating different log-based events so that these logs can be segregated [4]. It uses an Infrastructure-as-a-Service (IaaS) platform such as OpenStack, and correlation criteria are set through various correlation conditions such as Attribute-Based Correlation, Conjunctive Correlation, and Disjunctive Correlation. Once policies for correlating events are defined, association rule mining can be applied to the log data. Based on the mining, the events can be classified and clustered, which can later be used to detect attacks and abnormalities in the system. The paper ‘Secure logging monitor service for cloud
Cloud forensics combines cloud computing and digital forensics. It is concerned with computer forensics, with some consideration of network and intrusion forensics. Computer forensics focuses on using procedures to create audit trails based on the residing data. Network forensics focuses on analyzing network traffic and monitoring that traffic to extract or collect information that might be considered possible evidence. Intrusion forensics is concerned with investigating possible intrusions into computers or networks [4] [5].
Cloud computing is one of the fastest-growing technologies, and it attracts researchers to add to and improve its services [1][7]. Organizations benefit from this technology by replacing traditional IT hardware and data centers with remote, on-demand paid hardware and software services that are configured for their particular needs and managed and hosted by the organization's users or even a third party. This increases the organization’s flexibility and efficiency, without the need to have dedicated IT staff or to own special hardware equipment or software licenses.
age is installed on all the three active systems (Linux instances) to inject failures. The
One of the most important issues related to cloud security risks is data integrity. The data stored in the cloud may suffer damage during transfer operations from or to the cloud storage provider. Cachin et al. give examples of the risk of attacks from both inside and outside the cloud provider, such as the recently attacked Red Hat Linux’s distribution
Cloud computing is a type of computing that relies on sharing computing resources instead of having local servers or personal devices handle applications. Cloud data storage has many advantages over local data storage. This paper mainly focuses on security-related privacy enhancement of data in the cloud environment. It describes different privacy problems associated with saving users' data with third-party service providers, more generally called cloud services. A lot of investigation is being done to identify the issues with these cloud service providers and with cloud security in general. This paper serves as an analysis of the strengthening approaches used to resolve the privacy issues and security threats that occur in cloud resources. The major problem in cloud computing is data security. With cloud storage, data can be accessed from anywhere without retaining a local copy. The data is not secure, as the cloud provider cannot be trusted. Thus, enabling public auditability for cloud storage is of critical importance so that users can resort to a TPA to check the integrity of outsourced data.
This section of the paper covers why we need cloud computing as a security control tool against cyber-criminal activities and the ways in which it can be implemented. As we are living in a technical era, many aspects of our lives rely on the Internet and computers, including transportation, communications, government, medicine, finance and education. Consider how much of our personal information is stored either on our own computer or on someone else’s system.
Over the past several years the term cloud computing has become common in homes and organizations alike. Cloud computing can be defined as a pooled set of computing resources that are furnished via the internet. There are three types of cloud services typically available: Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS). Organizations can benefit greatly from cloud services because they eliminate the need to buy and manage physical resources. Although such an action cuts costs, it leaves the organization exposed to the vulnerabilities and threats that exist in cloud computing. Throughout this paper I will discuss the vulnerabilities and threats that come
Using remote servers over the internet to store, manage and process data, instead of using a personal computer, is known as cloud computing. It is a set of information technology services with the ability to scale service requirements up or down. Most cloud services are provided by a third-party service provider. In cloud computing, organizations can utilize IT services without upfront investment. Despite the benefits obtained from cloud computing, organizations are slow to accept it due to security issues and challenges. Security is one of the major problems hindering the growth of the cloud. It is not wise to hand over important data to another company, so clients need to be vigilant in understanding the risks of data infringement in this new environment. This paper presents a detailed analysis of cloud computing security issues and challenges. (Ayoleke)
In this paper, two main ideas for securing the information in audit logs are defined. The first approach is to secure only the audit files from the attacker, such that, even if the machine is compromised, the attacker will obtain little or no knowledge from the current log files and is not able to plant false information in the log file itself. The second approach is more concerned with securing the log server itself by using encryption as well as dynamic IP techniques. Both methods are defined in detail below.
Cloud computing has become very well known, and there is much widespread news about the cloud these days. This is mainly because of the exponential shift of business applications from traditional software models towards the Internet, and now through mobile devices. Cloud computing is a model that uses a network of remote servers hosted on the internet rather than specific hardware. This enables a better shared pool for storing, accessing and processing data. With the huge amount of information available on the internet, security for cloud computing has been challenging, and this paper elucidates the security threats of cloud computing and states possible countermeasures for them.
The surge of advancements in distributed systems and networking technology, and the advantages it has brought with it, has led many individuals and organizations to move from local to remote cloud storage [1]. Cloud storage falls under Infrastructure as a Service (IaaS) in the series of cloud services, wherein a user’s or organization’s data is stored in a nexus of remote servers. Cloud infrastructures can be broadly classified as either public or private. The remote servers provided by a public cloud storage service preserve the unhindered and efficient accessibility of a local storage server, along with transparency, while customers/users have access to their data. While there are benefits to using a public cloud infrastructure, it poses significant privacy and security risks [2]. The goal of this research is to obtain, in a public cloud environment, the degree of security that is native to a private cloud environment with respect to data storage. To achieve such a degree of security [1], a public cloud storage service should provide (at least):
Big data has become enduring as cost-effective approaches have emerged to handle the five V’s of big data: high Volume, high Velocity, high Variety, Veracity and Value of information. Within this data lie valuable patterns and information previously hidden because of the amount of work required to extract them. In the era of technology, commodity hardware, cloud architectures and open source software bring big data processing within the reach of the less well resourced. Big data processing is eminently feasible even for small garage startups, who can cheaply rent server time in the cloud. The framework used to process and analyze stored big data is named Hadoop. HDFS in Hadoop is used to store the data and Map Reduce is the tool used to process the data. The Hadoop ecosystem (including Pig, Hive, Mahout, and Hadoop), stream mining, complex-event processing, and NoSQL databases are enabling the analysis of large-scale, heterogeneous datasets at unprecedented scales and speeds. These technologies are transforming security analytics by facilitating the storage, maintenance, and analysis of security information. For instance, the WINE platform [1] and Bot-Cloud [2] allow the use of Map Reduce to efficiently process data for security analysis. Earlier Security Information and Event Management (SIEM)[3] tools were not developed
We imagine that the combination of these security features will provide a high level of security for the Cloud. Currently no other system can provide this level of security. We have used these concepts to detect illegal access to data stored on a local file system by masqueraders, i.e. attackers who impersonate valid users after stealing their identification. Our trial results in a local file system setting show that combining both techniques can produce better results, and our results suggest that this approach may work in a Cloud environment, as the Cloud is intended to be as transparent to the user as a local file system. In the following we briefly review some of the trial results achieved by using this approach to detect masquerade activity in a local file setting. [11]
Log files may not be helpful in pinpointing the location of data because of the diverse nature of the cloud. The article describes various tools and procedures that have been developed to help investigators identify evidence in logs. A log-based model is proposed by Sang, which only works for the PaaS and SaaS models. A framework is developed by Marty which retrieves logs in a standard manner. This technique assures forensic investigators that the data collected is authentic, but when the power is turned off, volatile data, which may contain evidence, will be lost.