Home Page Icon
Home Page
Table of Contents for
Table of Contents
Close
Table of Contents
by Nhien-An Le-Khac, Hassan Takabi, Lei Chen
Security, Privacy, and Digital Forensics in the Cloud
Cover
List of Contributors
Part I: Cloud Security and Privacy
1 Introduction to the Cloud and Fundamental Security and Privacy Issues of the Cloud
1.1 Introduction
1.2 Cloud Computing and Security Issues
1.3 Identity Security in the Cloud
1.4 Information Security in the Cloud
1.5 Cloud Security Standards
1.6 Conclusion
References
2 Cloud Infrastructure Security
2.1 Introduction
2.2 Infrastructure Security in the Cloud
2.3 Infrastructure Security Analysis in Some Clouds
2.4 Protecting Cloud Infrastructure
2.5 Conclusion
References
3 Confidentiality of Data in the Cloud: Conflicts Between Security and Cost
3.1 Introduction
3.2 Background
3.3 Confidentiality: Threats and Adversaries
3.4 Achieving Data Confidentiality in Cloud Storage Systems
3.5 Reducing Cloud Storage System Costs through Data‐Reduction Techniques
3.6 Reconciling Data Reduction and Confidentiality
3.7 Trusted Decrypter
3.8 Future Directions for Cloud Storage Confidentiality with Low Cost
3.9 Conclusions
References
4 Access Control in Cloud IaaS
4.1 Introduction
4.2 Background
4.3 Access Control in OpenStack Cloud IaaS
4.4 Access Control in AWS Cloud IaaS
4.5 Access Control in Azure Cloud IaaS
4.6 Conclusions
References
5 Cloud Security and Privacy Management
5.1 Introduction and Background
5.2 Security and Privacy Analysis
5.3 Best Security Practices and Recommendation
5.4 Use Case Example: Microsoft Office 365, SaaS Version
5.5 Current Trends and Future Direction
5.6 Related Works
5.7 Conclusion
Acknowledgments
References
6 Hacking and Countermeasures in the Cloud
6.1 Introduction
6.2 Background
6.3 Cloud Security Threats
6.4 Cloud Security Countermeasures
6.5 Hacking the Cloud: Reality Check
6.6 Future of Cloud Security
6.7 Conclusions
References
7 Risk Management and Disaster Recovery in the Cloud
7.1 Introduction
7.2 Background
7.3 Consequence‐Centric Security Assessment
7.4 Future Directions
7.5 Conclusions
8 Cloud Auditing and Compliance
8.1 Introduction
8.2 Background
8.3 Cloud Auditing
8.4 Cloud Compliance
8.5 Future Research Directions for Cloud Auditing and Compliance
8.6 Conclusion
References
Further Reading
9 Security‐as‐a‐Service (SECaaS) in the Cloud
9.1 Introduction
9.2 Related Work
9.3 Security‐as‐a‐Service Framework
9.4 Conclusions
References
Part II: Cloud Forensics
10 Cloud Forensics: Model, Challenges, and Approaches
10.1 Introduction
10.2 Background
10.3 Process and Model of Cloud Forensics
10.4 Cloud Forensics Methods, Approaches, and Tools
10.5 Challenges in Cloud Forensics
10.6 Conclusions
References
11 Cyberterrorism in the Cloud: Through a Glass Darkly
11.1 Introduction
11.2 What Is Terrorism?
11.3 Defining Cyberterrorism
11.4 Cyberterrorism vs. Terrorist Use of Cyberspace
11.5 Cyberterrorism in the Cloud
11.6 The Benefits of the Cloud to Cyberterrorists
11.7 Cyberlaw and Cyberterrorism
11.8 Conclusion: Through a Glass Darkly
References
12 Digital Forensic Process and Model in the Cloud
12.1 Introduction
12.2 Digital Forensics Models
12.3 Cloud Forensics Process and Model
12.4 Toward a New Cloud Forensics Model
12.5 Evaluation and Analysis
12.6 Conclusion
References
13 Data Acquisition in the Cloud
13.1 Introduction
13.2 Background
13.3 Data Center as a Source of Evidence
13.4 Cloud Service Providers: Essential Requirements, Governance, and Challenges
13.5 Cloud Storage Forensics
13.6 Case Study 1: Finding Data Centers on the Internet in Data‐Dense Environments
13.7 Case Study 2: Cloud Forensics for the Amazon Simple Storage Service
13.8 Conclusion
References
14 Digital Evidence Management, Presentation, and Court Preparation in the Cloud: A Forensic Readiness Approach
14.1 Introduction
14.2 Cloud Forensics and Challenges
14.3 Digital Forensics Readiness
14.4 Cloud Forensics Readiness
14.5 Forensics Readiness in Evidence Management, Presentation, and Court Preparation
14.6 Conclusion
References
15 Analysis of Cloud Digital Evidence
15.1 Introduction
15.2 Background
15.3 Current Approaches
15.4 Proposed Comprehensive Approaches
15.5 Discussion
15.6 Conclusions
References
16 Forensics‐as‐a‐Service (FaaS) in the State‐of‐the‐Art Cloud
16.1 Introduction
16.2 Background and Motivation
16.3 State of the Art in Parallel and Distributed Forensic Analysis
16.4 Conclusion and Future Research Direction
References
Index
End User License Agreement
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Cover
Next
Next Chapter
Title Page
Table of Contents
Cover
List of Contributors
Part I: Cloud Security and Privacy
1 Introduction to the Cloud and Fundamental Security and Privacy Issues of the Cloud
1.1 Introduction
1.2 Cloud Computing and Security Issues
1.3 Identity Security in the Cloud
1.4 Information Security in the Cloud
1.5 Cloud Security Standards
1.6 Conclusion
References
2 Cloud Infrastructure Security
2.1 Introduction
2.2 Infrastructure Security in the Cloud
2.3 Infrastructure Security Analysis in Some Clouds
2.4 Protecting Cloud Infrastructure
2.5 Conclusion
References
3 Confidentiality of Data in the Cloud: Conflicts Between Security and Cost
3.1 Introduction
3.2 Background
3.3 Confidentiality: Threats and Adversaries
3.4 Achieving Data Confidentiality in Cloud Storage Systems
3.5 Reducing Cloud Storage System Costs through Data‐Reduction Techniques
3.6 Reconciling Data Reduction and Confidentiality
3.7 Trusted Decrypter
3.8 Future Directions for Cloud Storage Confidentiality with Low Cost
3.9 Conclusions
References
4 Access Control in Cloud IaaS
4.1 Introduction
4.2 Background
4.3 Access Control in OpenStack Cloud IaaS
4.4 Access Control in AWS Cloud IaaS
4.5 Access Control in Azure Cloud IaaS
4.6 Conclusions
References
5 Cloud Security and Privacy Management
5.1 Introduction and Background
5.2 Security and Privacy Analysis
5.3 Best Security Practices and Recommendation
5.4 Use Case Example: Microsoft Office 365, SaaS Version
5.5 Current Trends and Future Direction
5.6 Related Works
5.7 Conclusion
Acknowledgments
References
6 Hacking and Countermeasures in the Cloud
6.1 Introduction
6.2 Background
6.3 Cloud Security Threats
6.4 Cloud Security Countermeasures
6.5 Hacking the Cloud: Reality Check
6.6 Future of Cloud Security
6.7 Conclusions
References
7 Risk Management and Disaster Recovery in the Cloud
7.1 Introduction
7.2 Background
7.3 Consequence‐Centric Security Assessment
7.4 Future Directions
7.5 Conclusions
8 Cloud Auditing and Compliance
8.1 Introduction
8.2 Background
8.3 Cloud Auditing
8.4 Cloud Compliance
8.5 Future Research Directions for Cloud Auditing and Compliance
8.6 Conclusion
References
Further Reading
9 Security‐as‐a‐Service (SECaaS) in the Cloud
9.1 Introduction
9.2 Related Work
9.3 Security‐as‐a‐Service Framework
9.4 Conclusions
References
Part II: Cloud Forensics
10 Cloud Forensics: Model, Challenges, and Approaches
10.1 Introduction
10.2 Background
10.3 Process and Model of Cloud Forensics
10.4 Cloud Forensics Methods, Approaches, and Tools
10.5 Challenges in Cloud Forensics
10.6 Conclusions
References
11 Cyberterrorism in the Cloud: Through a Glass Darkly
11.1 Introduction
11.2 What Is Terrorism?
11.3 Defining Cyberterrorism
11.4 Cyberterrorism vs. Terrorist Use of Cyberspace
11.5 Cyberterrorism in the Cloud
11.6 The Benefits of the Cloud to Cyberterrorists
11.7 Cyberlaw and Cyberterrorism
11.8 Conclusion: Through a Glass Darkly
References
12 Digital Forensic Process and Model in the Cloud
12.1 Introduction
12.2 Digital Forensics Models
12.3 Cloud Forensics Process and Model
12.4 Toward a New Cloud Forensics Model
12.5 Evaluation and Analysis
12.6 Conclusion
References
13 Data Acquisition in the Cloud
13.1 Introduction
13.2 Background
13.3 Data Center as a Source of Evidence
13.4 Cloud Service Providers: Essential Requirements, Governance, and Challenges
13.5 Cloud Storage Forensics
13.6 Case Study 1: Finding Data Centers on the Internet in Data‐Dense Environments
13.7 Case Study 2: Cloud Forensics for the Amazon Simple Storage Service
13.8 Conclusion
References
14 Digital Evidence Management, Presentation, and Court Preparation in the Cloud: A Forensic Readiness Approach
14.1 Introduction
14.2 Cloud Forensics and Challenges
14.3 Digital Forensics Readiness
14.4 Cloud Forensics Readiness
14.5 Forensics Readiness in Evidence Management, Presentation, and Court Preparation
14.6 Conclusion
References
15 Analysis of Cloud Digital Evidence
15.1 Introduction
15.2 Background
15.3 Current Approaches
15.4 Proposed Comprehensive Approaches
15.5 Discussion
15.6 Conclusions
References
16 Forensics‐as‐a‐Service (FaaS) in the State‐of‐the‐Art Cloud
16.1 Introduction
16.2 Background and Motivation
16.3 State of the Art in Parallel and Distributed Forensic Analysis
16.4 Conclusion and Future Research Direction
References
Index
End User License Agreement
List of Tables
Chapter 4
Table 4.1 OSAC‐HMT‐SID administrative model.
Table 4.2 AWS‐AC‐SID administrative model.
Table 4.3 Azure‐AC‐SID administrative model.
Chapter 5
Table 5.1 A couple of applications within an Office 365 subscription.
Chapter 6
Table 6.1 Mapping between attacks and threat in the cloud.
Chapter 8
Table 8.1 CSA: layers a cloud provider controls (2010).
Table 8.2 Standards organizations and their nationalities (2014).
Table 8.3 Cloud security and auditing publications (2014).
Chapter 9
Table 9.1 Security implications of cloud features.
Chapter 10
Table 10.1 Customer access control in three different cloud service models.
Chapter 11
Table 11.1 Exploit objectives and constituent technologies.
Chapter 13
Table 13.1 Accuracy of reviewed techniques/methods.
Chapter 15
Table 15.1 Examples of some popular commercial products based on the cloud se...
Table 15.2 List of fields (with their data types and descriptions) used in Go...
Table 15.3 list of fields (and their descriptions) used in amazon web service...
List of Illustrations
Chapter 1
Figure 1.1 Cloud components in the different types of cloud services.
Chapter 3
Figure 3.1 Overview of the Trusted Decrypter framework. On the tenant's side,...
Figure 3.2 Detailed design of the
Trusted Decrypter
.
Figure 3.3 Processing a
write
request. In Figure 3.3a, the data stream is rec...
Figure 3.4 TD prototype system.
Figure 3.5 Overhead of data‐path operations for read requests.
Figure 3.6 Comparing overheads for reads to HDD and SSD.
Chapter 4
Figure 4.1 Community cyber‐incident response governance.
Figure 4.2 OpenStack Access Control (OSAC) model with HMT.
Figure 4.3 Hierarchical multitenancy OSAC model with SID extension (OSAC‐HMT‐...
Figure 4.4 AWS access control within a single account.
Figure 4.5 AWS access control across accounts (users in account A access serv...
Figure 4.6 Amazon Web Services (AWS) Access Control model with SID extension ...
Figure 4.7 SID composition.
Figure 4.8 Azure Access Control (Azure‐AC) model.
Figure 4.9 Azure Access Control model with SID extension (Azure‐AC‐SID) (igno...
Chapter 5
Figure 5.1 The conceptual reference model.
Figure 5.2 Interactions between the Actors in cloud computing.
Figure 5.3 VULCAN: vulnerability assessment framework for cloud computing.
Figure 5.4 VULCAN framework: on‐demand web application.
Figure 5.5 Nemesis: automated Architecture for threat modeling and risk asses...
Figure 5.6 Nemesis Architecture: On‐demand web application.
Figure 5.7 Cockatoo workflow – high level view.
Figure 5.8 Office and Skype vulnerability index – OKB sample.
Figure 5.9 Office and Skype vulnerability index – OKB sample exploration.
Figure 5.10 Office and Skype exploitable vulnerabilities – OKB sample.
Figure 5.11 VULCAN framework – vulnerability assessment report template.
Figure 5.12 Office and Skype – exploitable vulnerabilities.
Figure 5.13 Office and Skype – STRIDE threat types' instances percentages.
Figure 5.14 Office and Skype – STRIDE threat types' instances severity ranks....
Chapter 7
Figure 7.1 High‐level architecture for security risk assessment and disaster ...
Figure 7.2 Generated dependency graph through system‐call interception.
Figure 7.3 Conditional probability table construction.
Chapter 8
Figure 8.1 Worldwide cloud market forecast (Garner Survey, 2014).
Figure 8.2 Global data center IP traffic growth (Cisco global index survey, 2...
Figure 8.3 Cloud consumers' issues (Gartner survey, 2014).
Chapter 9
Figure 9.1 Security controls mapped to cloud delivery models.
Figure 9.2 Security‐as‐a‐Service framework.
Figure 9.3 Security‐as‐a‐Service flowchart.
Figure 9.4 Two phases of the proposed framework that an enterprise should emp...
Chapter 10
Figure 10.1 Proposed cloud forensic model.
Chapter 12
Figure 12.1 Proposed cloud forensic model.
Chapter 13
Figure 13.1 Flowchart of phases two and three of the three‐phase guideline.
Figure 13.2 V01.log.
Figure 13.3 Example of file information for the files located in unallocated ...
Figure 13.4 Access key.
Chapter 15
Figure 15.1 Layers of the cloud computing environment owned by the customer a...
Figure 15.2 Draftback analytical interface.
Chapter 16
Figure 16.1 Bluepipe architecture (Gao et al. 2004).
Figure 16.2 Hansken architecture (Van Beek et al. 2015).
Figure 16.3 GRR architecture (Cruz et al. 2015).
Figure 16.4 Digital forensic‐as‐a‐service software stack (Wen et al. 2013).
Figure 16.5 Security enforcement in FaaS.
Guide
Cover
Table of Contents
Begin Reading
Pages
iii
iv
xv
xvi
1
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
129
130
131
132
133
134
135
136
137
138
139
140
141
143
144
145
146
147
148
149
150
151
152
153
154
155
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
339
340
341
342
343
344
345
346
347
348
349
350
351
352
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset