This document summarizes Asif Imran's research presentation on developing an effective provenance model from system logs to improve cloud data forensics. The presentation discusses proposing research on this topic, existing provenance research works, and background on cloud provenance detection. It also describes the experimental environment involving OpenStack components that will be used to test provenance detection in the cloud. The overall goal is to derive a provenance model from system logs that can ensure improved management of cloud data forensics.
Provenance based presentation on cloud computing security
1. Research Supervisor: Dr. Kazi Sakib
Associate Professor and BIT Program Chair, IIT, DU
Asif Imran :BIT0119
Provenance Research presentation 1
2. • Proposed Research
• Existing Research Work
• Cloud Provenance Detection: Background
Study
• Experimental Environment
Provenance Research presentation 2
3. How can an effective provenance model from
system logs be derived that will ensure improved
management of cloud data forensics?
Provenance Research presentation 3
11. Service Reason of Failure (Assumed) Duration
Amazon S3 Authentication mechanisms overloaded by 2 hours
remote attacks (no action taken)
Google Error from the end of the maintenance 4.6 hours
AppEngine engineer’s program (no action taken)
Gmail The contact list mechanism crashed (tested 1.4 hours
for bugs)
Provenance Research presentation 11
16. Server Hardware
Cloud Controller node which runs the following: Processor: 64-bit x86
Network, Memory: 16 GB RAM
Volume Disk space: 1900 GB (SATA or SAS or SSD)
API Volume storage: 100 GB (SATA) for volumes attached to the
Scheduler compute nodes
Image services Network: one 1 GB Network Interface Card
(NIC) minimum
Compute node which runs the following: Processor: 64-bit x86
Virtual instances Memory: 16 GB RAM (32 GB minimum)
System log information Disk space: 2 TB GB (SATA)
Communication with the Compute Network: two 1 GB NICs
Provenance Research presentation 16
21. [1] A. Haeberlen, ―A case for the accountable cloud,‖ ACM SIGOPS, Operating
Systems Review, vol. 44, no. 2, 2010, pp. 52-57.
[2] S. Pearson and A. Benameur, ―Privacy, Security and Trust Issues Arising from
Cloud Computing,‖ Proc. The 2nd International Conference on Cloud Computing
2010, IEEE, 2010, pp. 693-702.
[3] M. Vouk, ―Cloud computing—Issues, research and implementations,‖ Proc. 30th
International Conference on Information Technology Interfaces, 2008 (ITI 2008)
IEEE, 2008, pp. 31-40.
[4] S.B. Davidson, S. Khanna, S. Roy, J. Stoyanovich, V. Tannen and Y. Chen, ―On
provenance and privacy,‖ Proc. Proceedings of the 14th International Conference on
Database Theory (ICDT), ACM, 2011, pp. 3-10.
[5] J. Yao, S. Chen, C. Wang, D. Levy and J. Zic, ―Accountability as a Service for the
Cloud,‖ Proc. IEEE Service Computing Conference 2010 (SCC 2010), IEEE, 2010, pp.
81-88.
[6] J. Wei, X. Zhang, G. Ammons, V. Bala and P. Ning, ―Managing security of virtual
machine images in a cloud environment,‖ ACM, 2009, pp. 91-96.
Provenance Research presentation 21
22. [7] W.Z.P. Ning, X.Z.G. Ammons, R. Wang and V. Bala, ―Always Upto- date–Scalable Offline
Patching of VM Images in a Compute Cloud,‖ IBM Technical Papers, no. RC24956, 2010.
[8] R.K.L. Ko, B.S. Lee and S. Pearson, ―Towards Achieving Accountability, Auditability and
Trust in Cloud Computing,‖ Proc. International workshop on Cloud Computing: Architecture,
Algorithms and Applications (CloudComp2011), Springer, 2011, pp. 5.
[9] Cloud Security Alliance, ―Top Threats to Cloud Computing (V1.0),‖ 2010;
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
[10] J. Brodkin, ―Gartner: Seven cloud-computing security risks,‖ Infoworld, 2008, pp. 1–3.
[11] W. Zhou, M. Sherr, T. Tao, X. Li, B.T. Loo and Y. Mao, ―Efficient querying and
maintenance of network provenance at internet-scale,‖ Proc. 2010 International Conference
on Management of Data (SIGMOD 2010), ACM, 2010, pp. 615-626.
[12] M. Mowbray, S. Pearson and Y. Shen, ―Enhancing privacy in cloud computing via
policy-based obfuscation,‖ The Journal of Supercomputing, 2010, pp. 1-25.
[13] ―OpenStack Compute Administration Guide‖ 2011
Provenance Research presentation 22