University of Limerick Institutional Repository

Adaptive evidence collection in the cloud using attack scenarios

DSpace Repository

Show simple item record Pasquale, Liliana Hanvey, Sorren Mcgloin, Mark Nuseibeh, Bashar 2017-08-31T09:24:32Z 2016
dc.description peer-reviewed en_US
dc.description.abstract The increase in crimes targeting the cloud is increasing the amount of data that must be analysed during a digital forensic investigation, exacerbating the problem of processing such data in a timely manner. Since collecting all possible evidence proactively could be cumbersome to analyse, evidence collection should mainly focus on gathering the data necessary to investigate potential security breaches that can exploit vulnerabilities present in a particular cloud configuration. Cloud elasticity can also change the attack surface available to an adversary and, consequently, the way potential security breaches can arise. Therefore, evidence collection should be adapted depending on changes in the cloud configuration, such as those determined by allocation/deallocation of virtual machines. In this paper, we propose to use attack scenarios to configure more effective evidence collection for cloud services. In particular, evidence collection activities are targeted to detect potential attack scenarios that can violate existing security policies. These activities also adapt when new/different attack scenarios can take place due to changes in the cloud configuration. We illustrate our approach by using examples of insider and outsider attacks. Our results demonstrate that using attack scenarios allows us to target evidence collection activities towards those security breaches that are likely, while saving space and time necessary to store and process such data. (C) 2016 Elsevier Ltd. All rights reserved. en_US
dc.language.iso eng en_US
dc.publisher Elsevier en_US
dc.relation 291652 en_US
dc.relation.ispartofseries Computers and Security;59, pp. 236-254
dc.rights This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 2016, 59, pp. 236-254, en_US
dc.subject forensic readiness en_US
dc.subject cloud computing en_US
dc.subject adaptive software en_US
dc.subject attack planning en_US
dc.subject digital investigation en_US
dc.title Adaptive evidence collection in the cloud using attack scenarios en_US
dc.type info:eu-repo/semantics/article en_US
dc.type.supercollection all_ul_research en_US
dc.type.supercollection ul_published_reviewed en_US 2017-08-31T09:14:42Z
dc.description.version ACCEPTED
dc.identifier.doi 10.1016/j.cose.2016.03.001
dc.contributor.sponsor SFI en_US
dc.contributor.sponsor ERC en_US
dc.relation.projectid 13/RC/2094 en_US
dc.relation.projectid 291652 en_US 2018-03-23
dc.embargo.terms 2018-03-06 en_US
dc.rights.accessrights info:eu-repo/semantics/openAccess en_US
dc.internal.rssid 1642500
dc.internal.copyrightchecked Yes
dc.identifier.journaltitle Computers & Security
dc.description.status peer-reviewed

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search ULIR


My Account