Security, Privacy, and Digital Forensics in the Cloud
Description
Cloud computing is an emerging yet revolutionary technology that has been changing the way people live and work. However, with the continuous growth of cloud computing and related services, security and privacy has become a critical issue. Written by some of the top experts in the field, this book specifically discusses security and privacy of the cloud, as well as the digital forensics of cloud data, applications, and services. The first half of the book enables readers to have a comprehensive understanding and background of cloud security, which will help them through the digital investigation guidance and recommendations found in the second half of the book.
Part One of Security, Privacy and Digital Forensics in the Cloud covers cloud infrastructure security; confidentiality of data; access control in cloud IaaS; cloud security and privacy management; hacking and countermeasures; risk management and disaster recovery; auditing and compliance; and security as a service (SaaS). Part Two addresses cloud forensics - model, challenges, and approaches; cyberterrorism in the cloud; digital forensic process and model in the cloud; data acquisition; digital evidence management, presentation, and court preparation; analysis of digital evidence; and forensics as a service (FaaS).
* Thoroughly covers both security and privacy of cloud and digital forensics
* Contributions by top researchers from the U.S., the European and other countries, and professionals active in the field of information and network security, digital and computer forensics, and cloud and big data
* Of interest to those focused upon security and implementation, and incident management
* Logical, well-structured, and organized to facilitate comprehension
Security, Privacy and Digital Forensics in the Cloud is an ideal book for advanced undergraduate and master's-level students in information systems, information technology, computer and network forensics, as well as computer science. It can also serve as a good reference book for security professionals, digital forensics practitioners and cloud service providers.
More details
Other editions
Additional editions
Persons
LEI CHEN, PHD, is tenured Associate Professor with the Department of Information Technology at Georgia Southern University, Statesboro, Georgia, USA.
HASSAN TAKABI, PHD, is tenure-track Assistant Professor with the Department of Computer Science and Engineering, University of North Texas, Denton, Texas, USA.
NHIEN-AN LE-KHAC, PHD, is Lecturer with the School of Computer Science at University College Dublin, Ireland.
Content
List of Contributors xv
Part I Cloud Security and Privacy 1
1 Introduction to the Cloud and Fundamental Security and Privacy Issues of the Cloud 3
Hassan Takabi and Mohammad GhasemiGol
1.1 Introduction 3
1.2 Cloud Computing and Security Issues 4
1.3 Identity Security in the Cloud 9
1.4 Information Security in the Cloud 9
1.5 Cloud Security Standards 16
1.6 Conclusion 20
References 20
2 Cloud Infrastructure Security 23
Mohammad GhasemiGol
2.1 Introduction 23
2.2 Infrastructure Security in the Cloud 24
2.3 Infrastructure Security Analysis in Some Clouds 31
2.4 Protecting Cloud Infrastructure 45
2.5 Conclusion 49
References 49
3 Confidentiality of Data in the Cloud: Conflicts Between Security and Cost 51
Nathalie Baracaldo and Joseph Glider
3.1 Introduction 51
3.2 Background 51
3.3 Confidentiality: Threats and Adversaries 54
3.4 Achieving Data Confidentiality in Cloud Storage Systems 55
3.5 Reducing Cloud Storage System Costs through Data-Reduction Techniques 57
3.6 Reconciling Data Reduction and Confidentiality 59
3.7 Trusted Decrypter 62
3.8 Future Directions for Cloud Storage Confidentiality with Low Cost 74
3.9 Conclusions 76
References 77
4 Access Control in Cloud IaaS 81
Yun Zhang, Ram Krishnan, Farhan Patwa, and Ravi Sandhu
4.1 Introduction 81
4.2 Background 82
4.3 Access Control in OpenStack Cloud IaaS 83
4.4 Access Control in AWS Cloud IaaS 90
4.5 Access Control in Azure Cloud IaaS 99
4.6 Conclusions 107
References 107
5 Cloud Security and Privacy Management 109
Patrick Kamongi
5.1 Introduction and Background 109
5.2 Security and Privacy Analysis 111
5.3 Best Security Practices and Recommendation 117
5.4 Use Case Example: Microsoft Office 365, SaaS Version 118
5.5 Current Trends and Future Direction 125
5.6 Related Works 125
5.7 Conclusion 126
Acknowledgments 126
References 126
6 Hacking and Countermeasures in the Cloud 129
Farzaneh Abazari, Hassan Takabi, and Morteza Analoui
6.1 Introduction 129
6.2 Background 130
6.3 Cloud Security Threats 130
6.4 Cloud Security Countermeasures 134
6.5 Hacking the Cloud: Reality Check 136
6.6 Future of Cloud Security 137
6.6.1 Cloud Security for the IoT 138
6.7 Conclusions 139
References 139
7 Risk Management and Disaster Recovery in the Cloud 143
Saman Zonouz
7.1 Introduction 143
7.2 Background 143
7.3 Consequence- Centric Security Assessment 145
7.4 Future Directions 154
7.5 Conclusions 155
8 Cloud Auditing and Compliance 157
Paolina Centonze
8.1 Introduction 157
8.2 Background 157
8.3 Cloud Auditing 162
8.4 Cloud Compliance 170
8.5 Future Research Directions for Cloud Auditing and Compliance 183
8.6 Conclusion 184
References 185
Further Reading 187
9 Security-as-a-Service (SECaaS) in the Cloud 189
Saman Taghavi Zargar, Hassan Takabi, and Jay Iyer
9.1 Introduction 189
9.2 Related Work 192
9.3 Security- as-a-Service Framework 194
9.4 Conclusions 199
References 199
Part II Cloud Forensics 201
10 Cloud Forensics: Model, Challenges, and Approaches 203
Lei Chen, Nhien-An Le-Khac, Sebastian Schlepphorst, and Lanchuan Xu
10.1 Introduction 203
10.2 Background 204
10.3 Process and Model of Cloud Forensics 207
10.4 Cloud Forensics Methods, Approaches, and Tools 211
10.5 Challenges in Cloud Forensics 213
10.6 Conclusions 214
References 214
11 Cyberterrorism in the Cloud: Through a Glass Darkly 217
Barry Cartwright, George R. S. Weir, and Richard Frank
11.1 Introduction 217
11.2 What is Terrorism? 218
11.3 Defining Cyberterrorism 220
11.4 Cyberterrorism vs. Terrorist Use of Cyberspace 221
11.5 Cyberterrorism in the Cloud 222
11.6 The Benefits of the Cloud to Cyberterrorists 225
11.7 Cyberlaw and Cyberterrorism 227
11.8 Conclusion: Through a Glass Darkly 230
References 232
12 Digital Forensic Process and Model in the Cloud 239
Nhien-An Le-Khac, James Plunkett, M-Tahar Kechadi, and Lei Chen
12.1 Introduction 239
12.2 Digital Forensics Models 240
12.3 Cloud Forensics Process and Model 243
12.4 Toward a New Cloud Forensics Model 246
12.5 Evaluation and Analysis 251
12.6 Conclusion 253
References 253
13 Data Acquisition in the Cloud 257
Nhien-An Le-Khac, Michel Mollema, Robert Craig, Steven Ryder, and Lei Chen
13.1 Introduction 257
13.2 Background 258
13.3 Data Center as a Source of Evidence 259
13.4 Cloud Service Providers: Essential Requirements, Governance, and Challenges 260
13.4.1 Business Model 261
13.5 Cloud Storage Forensics 264
13.6 Case Study 1: Finding Data Centers on the Internet in Data-Dense Environments 265
13.7 Case Study 2: Cloud Forensics for the Amazon Simple Storage Service 274
13.8 Conclusion 281
References 281
14 Digital Evidence Management, Presentation, and Court Preparation in the Cloud: A Forensic Readiness Approach 283
Lucia De Marco, Nhien-An Le-Khac, and M-Tahar Kechadi
14.1 Introduction 283
14.2 Cloud Forensics and Challenges 284
14.3 Digital Forensics Readiness 285
14.4 Cloud Forensics Readiness 287
14.5 Forensics Readiness in Evidence Management, Presentation, and Court Preparation 291
14.6 Conclusion 295
References 296
15 Analysis of Cloud Digital Evidence 301
Irfan Ahmed and Vassil Roussev
15.1 Introduction 301
15.2 Background 305
15.3 Current Approaches 307
15.4 Proposed Comprehensive Approaches 312
15.5 Discussion 317
15.6 Conclusions 317
References 318
16 Forensics-as-a-Service (FaaS) in the State-of-the-Art Cloud 321
Avinash Srinivasan and Frank Ferrese
16.1 Introduction 321
16.2 Background and Motivation 323
16.3 State of the Art in Parallel and Distributed Forensic Analysis 325
16.4 Conclusion and Future Research Direction 334
References 335
Index 339
1
Introduction to the Cloud and Fundamental Security and Privacy Issues of the Cloud
Hassan Takabi1 and Mohammad GhasemiGol2
1Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA
2Department of Computer Engineering, University of Birjand, Birjand, Iran
1.1 Introduction
Cloud computing is the most popular paradigm in the computer world that provides on-demand computing and storage capabilities to consumers over the Internet. However, these benefits may result in serious security issues such as data breaches, computation breaches, flooding attacks, etc. On the other hand, the whole IT infrastructure is under the control of the cloud provider, and cloud consumers have to trust the security-protection mechanisms that are offered by service providers. Therefore, security concerns should be considered to improve the assurance of required security for cloud customers.
The key security constructs in the cloud environment are information, identity, and infrastructure. Cloud information flows into the physical infrastructure from many users across different devices and geographies. The objective of information security is to protect information as well as information systems from unauthorized access, use, disclosure, disruption, modification, or destruction (Winkler 2011). In other words, at the heart of any information security system is the requirement to protect the confidentiality, integrity, and availability of data. It is important to thoroughly understand your organization's security policies in order to implement standards in a cloud environment that will form your security framework (Steiner and Khiabani 2012). Data governance concerns commonly arise in the areas of IP protection, regulatory governance, industry compliance requirements, and data mobility. A consistent set of policies is needed for compliance and governance across cloud platforms that IT may not always control. These policies are required for identifying sensitive information; controlling its transmission, storage, and use in the Cloud; and sharing it among users and devices. These policies must be consistently enforced across private and public clouds, and physical infrastructure. Traditionally, IT has used enterprise identity to control user access and entitlement to a variety of on-premises information and application assets. This principle must be extended to identities at cloud service providers, controlling what information employees can access in which clouds, from which devices, and in which locations.
This chapter provides an introduction to the Cloud and its fundamental security and privacy issues. We start with a background of cloud computing and security issues in Section 1.2. In Section 1.3, we briefly discuss identity security in cloud computing. Cloud information security issues are investigated in Section 1.4. In Section 1.5, we discuss some cloud security standards. Finally, conclusions are drawn in Section 1.6.
1.2 Cloud Computing and Security Issues
The US ( ) defines cloud computing as follows: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models (Mell and Grance 2011)."
NIST defines five major actors: cloud consumer, cloud provider, cloud auditor, cloud broker, and cloud carrier (Hogan et al. 2011):
- Cloud consumer - A person or organization that maintains a business relationship with and uses services offered by cloud providers.
- Cloud provider - A person, organization, or entity responsible for offering various services to cloud consumers.
- Cloud auditor - A party that can conduct independent assessments of cloud services, information system operations, performance, and security of cloud implementations.
- Cloud broker - An entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.
- Cloud carrier - The intermediary that provides connectivity and transport of cloud services from cloud providers to cloud consumers.
There are three service-delivery models and four deployment models in the cloud environment. As shown in Figure 1.1, cloud providers offer Infrastructure-as-a-Service ( ), Platform-as-a-Service ( ), and Software-as-a-Service () as three fundamental services (Hashizume 2013; Mell and Grance 2011):
- Infrastructure-as-a-Service - IaaS is the most basic cloud service model, where cloud providers offer servers, storage, and network, typically in the form of virtual appliances. Consumers can deploy and run any software such as operating systems and applications. IaaS providers are responsible for the underlying infrastructure including housing, running, and maintaining these resources, while consumers are responsible for maintaining the operating system and their applications. Amazon Elastic Compute Cloud (, http://aws.amazon.com/ec2)), Eucalyptus (http://www8.hp.com/us/en/cloud/helion-eucalyptus.html), and OpenNebula (http://opennebula.org) are some examples of IaaS providers.
- Platform-as-a-Service - In PaaS, providers offer environments for developing, deploying, hosting, and testing software applications. Typically, it includes programming languages, databases, libraries, and other development tools. Consumers are not responsible for the underlying infrastructure, operating systems, or storage, but they are responsible for their deployed applications. Examples of PaaS providers include Microsoft Azure (https://azure.microsoft.com/en-us), Force.com (http://www.force.com), and Google App Engine (https://cloud.google.com/appengine).
- Software-as-a-Service - In SaaS, cloud providers offer applications on demand that are hosted on the Cloud and can be accessed through thin clients. Consumers do not manage or control the underlying infrastructure. Some SaaS applications allow limited user-specific customization. Examples of SaaS providers include Salesforce.com's Customer Relationship Management (, www.salesforce.com) and FreshBooks (www.freshbooks.com).
Figure 1.1 Cloud components in the different types of cloud services.
The four cloud deployment models are briefly described as follows (Mell and Grance 2011):
- Public cloud - A public cloud is deployed by an organization that offers various services to the general public over the Internet. The infrastructure is owned and managed by the service provider, and it is located in the provider's facilities. Cloud providers are responsible for the installation, management, provisioning, and maintenance of the cloud services. Users' data is stored and processed in the Cloud, which may raise security and privacy issues. It exists on the premises of the cloud provider.
- Private cloud - A private cloud is deployed for a single organization and is dedicated entirely to that organization's internal users. The private cloud resides in the organization's facilities; however, it can be hosted and managed by a third-party provider. The private cloud can be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises, so that data security and availability can be controlled by each of them.
- Community cloud - A community cloud is deployed for a specific community of consumers from organizations that share common computing concerns. It may be owned, managed, and operated by one or more of the organization's members, a third party, or some combination of them, and it may exist on or off premises.
- Hybrid cloud - This is a combination of the previous types of clouds (private, public, or community) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. In order to ensure security, an organization should migrate some of its processes to a public cloud while remaining its critical process in-house.
Several characteristics of cloud computing that are mentioned in the literature are listed next (Hashizume 2013; Kizza and Yang 2014; Mell and Grance 2011):
- Accessibility - Cloud services can be accessed from anywhere at any time via browsers or APIs by different client platforms such as laptops, desktops, mobile phones, and tablets. Cloud services are network dependent, so the network (Internet, [LAN], or [WAN]) has to work in order to access cloud services.
- On-demand, self-service - Traditionally, acquisition of computing...
