Please use this identifier to cite or link to this item:
Title: "Incident Handling in IaaS Cloud Environment using Digital Forensic Practices"
Guide(s): G. Geethakumari
Keywords: Computer Science, IaaS Cloud, Digital Forensic
University: Birla Institute of Technology and Science
Completed Date: 2018
Abstract: Cloud computing, as a computational paradigm, has enticed the information technology community to facilitate various services with less operational and maintenance costs. However, the occurrence of various cloud incidents is affecting the trust of users on the cloud environment. The scope of our work is to handle security incidents occurring at the Infrastructure as a Service (IaaS) cloud systems. Incident handling in cloud is relatively new and involves various technical, organizational and legal challenges. Traditional incident handling approaches cannot be directly applied to the cloud environment due to its unique aspects like multi-tenancy, physical inaccessibility, lack of transparency and rapid elasticity. In this thesis, we handle cloud incidents using the stages of digital forensics as this would increase the availability of evidences of the occurred incident which in turn would be the key factor in effective incident handling. We acquired various cloud specific evidences (vRAM, Service logs, Snapshots and vDisk) at the IaaS user level and proposed the corresponding analysis approaches to handle cloud incidents. Since the integrity and availability of the vRAM evidence acquired at the virtual machine level is questionable, we proposed a trigger-based introspection model to capture reliable and relevant vRAM events without compromising on its transparency. Cloud systems introduce additional incident handling challenges with new evidences like service logs. We identified the role of service logs for effective incident handling and proposed a model which can allow the incident handler to analyze the service logs effectively. Virtual Machine (VM) snapshots in the cloud are generally used for backup and restoration purposes. We made use of these snapshots to handle cloud incidents by proposing a provenance system.
Finally, we came up with a methodology for correlating multiple evidences, which can help the incident handler arrive at quick logical findings about the occurred cloud incident. The proposed models
Pagination: 162p.
Appears in Departments: Computer Science & Information Systems

Files in This Item:
File: thesis_2013phxf0411h.pdf
Description: Attached File
Size: 24.82 MB
Format: Adobe PDF

Items in Shodhganga are protected by copyright, with all rights reserved, unless otherwise indicated.