Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security & Privacy

ISEA-ISAP 2019: Security and Privacy pp 77–88Cite as

BlockSLaaS: Blockchain Assisted Secure Logging-as-a-Service for Cloud Forensics

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 939))

Abstract

Cloud computing has become a prominent and widespread technology nowadays. However, it agonized due to incremental serious security issues. To solve these issues forensic techniques needs to be applied in cloud. Log is a paramount element in forensic investigations to reveal 3W i.e. who, what, when of happened suspicious activity. That’s the reason, secure preservation and investigation of different logs is an essential job for cloud forensics. Due to very little control over the clouds, it’s very difficult to collect authentic logs from cloud environment while preserving integrity and confidentiality. Till today, forensic investigator has to trust Cloud Service Provider (CSP), who collect the logs from individual sources of cloud environment. However, untrusted stakeholders of cloud and malicious entities from outside the cloud can collude with each other to alter the logs after the fact and remain untraceable. Thus, validity of the provided logs for forensics can be questionable. In this paper, we proposed forensic aware blockchain assisted secure logging-as-a-service for cloud environment to securely store and process logs by tackling multi-stakeholder collusion problem and ensuring integrity & confidentiality. The integrity of logs is ensured using immutable property of blockchain technology. Cloud Forensic Investigator (CFI) can only be able to access the logs for forensic investigation by BlockSLaaS, which preserves confidentiality of logs.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Columbus, L.: Cloud computing market projected to reach 411B dollar by 2020 (2017). https://goo.gl/hmKeK1. Accessed 09 July 2018

  2. Ashford, W.: Ransomware to hit cloud computing in 2018, predicts MIT (2018). https://goo.gl/9JoHhj. Accessed 26 Apr 2018

  3. Congress of the United States. Sarbanes-Oxley Act (2002). http://goo.gl/YHwujG. Accessed 20 Mar 2015

  4. www.hhs.gov. Health Information Privacy. http://goo.gl/NxgkMi. Accessed 20 Mar 2015

  5. Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. NIST Special Publication 800-86 (2006)

    Google Scholar 

  6. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1, 2012 (2008)

    Google Scholar 

  7. Marty, R.: Cloud application logging for forensics. In: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC11), Taichung, Taiwan, pp. 178–184. ACM, March 2011

    Google Scholar 

  8. Birk, D., Wegener, C.: Technical issues of forensic investigations in cloud computing environments. In: SADFE, pp. 1–10. IEEE (2011)

    Google Scholar 

  9. Balduzzi, M., Zaddach, J., Balzarotti, D., Kirda, E., Loureiro, S.: A security analysis of Amazon’s elastic compute cloud service. In: Symposium on Applied Computing, pp. 1427–1434. ACM (2012)

    Google Scholar 

  10. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

    Article  Google Scholar 

  11. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)

    Article  Google Scholar 

  12. Infosecurity-magazine. Ddos-ers launch attacks from Amazon ec2, July 2014. http://goo.gl/vrXrHE. Accessed 1 Jan 2018

  13. Melland, P., Grance, T.: Nist cloud computing forensic science challenges. NIST Cloud Computing Forensic Science Working Group, Information Technology Laboratory, Draft NISTIR 8006, June 2014

    Google Scholar 

  14. Zawoad, S., Hasan, R.: Digital forensics in the cloud. J. Defense Softw. Eng. 26(5), 17–20 (2013)

    Google Scholar 

  15. Dykstra, J., Sherman, A.: Acquiring forensic evidence from infrastructure-as-aservice cloud computing: exploring and evaluating tools, trust, and techniques. J. Digit. Invest. 9, S90–S98 (2012). https://doi.org/10.1016/j.diin.2012.05.001

    Article  Google Scholar 

  16. Patrascu, A., Patriciu, V.-V.: Logging system for cloud computing forensic environments. J. Control Eng. Appl. Inform. 16(1), 80–88 (2014)

    Google Scholar 

  17. Khan, S., Gani, A., Wahab, A., et al.: Cloud log forensics: foundations, state of the art, and future directions. ACM Comput. Surv. 49(1) https://doi.org/10.1145/2906149 (2016). Article 7

    Article  Google Scholar 

  18. Zawoad, S., Dutta, A.K., Hasan, R.: SecLaaS: secure logging-as-aservice for cloud forensics. In: ASIACCS, pp. 219–230. ACM (2013)

    Google Scholar 

  19. Zawoad, S., Dutta, A., Hasan, R.: Towards building forensics enabled cloud through secure logging-as-a-service. IEEE Trans. Dependable Secure Comput. 13(2), 148–162 (2016). https://doi.org/10.1109/TDSC.2015.2482484

    Article  Google Scholar 

  20. Ruan, K., Carthy, J., Kechadi, T., Baggili, I.: Cloud forensics denitions and critical criteria for cloud forensic capability: an overview of survey results. Digital Invest. 10(1), 34–43 (2013)

    Article  Google Scholar 

  21. Zawoad, S., Hasan, R.: Cloud forensics: a meta-study of challenges, approaches, and open problems arXiv: 1302.6312v1 [cs.DC] 26 February 2013

  22. Kent, K., Souppaya, M.: Guide to computer security log management. Technical report. NIST Special Publication 800-92 (2006)

    Google Scholar 

  23. Dykstra, J., Sherman, A.: Understanding issues in cloud forensics: two hypothetical case studies. Cyber Defense Lab, Department of CSEE, University of Maryland, Baltimore County (UMBC) (2011)

    Google Scholar 

  24. Cohen, F.: Challenges to digital forensic evidence in the cloud. In: Ruan, K. (ed.) Cybercrime and Cloud Forensics: Applications for Investigation Processes, pp. 59–78. IGI Global, December 2012

    Google Scholar 

  25. Khajeh-Hosseini, A., Greenwood, D., Sommerville, I.: Cloud migration: a case study of migrating an enterprise it system to IaaS. In: Proceedings of the 3rd International Conference on Cloud Computing (CLOUD), pp. 450–457. IEEE (2010)

    Google Scholar 

  26. Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2011. IAICT, vol. 361, pp. 35–46. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24212-0_3

    Chapter  Google Scholar 

  27. Grispos, G., Glisson, W., Storer, T.: Calm before the Storm: the emerging challenges of cloud commuting in digital forensics. University of Glasgow (2012)

    Google Scholar 

  28. Zafarullah, Z., Anwar, F., Anwar, Z.: Digital forensics for eucalyptus. In: FIT, pp. 110–116. IEEE (2011)

    Google Scholar 

  29. Thorpe, S., Ray, I.: Detecting temporal inconsistency in virtual machine activity timelines. J. Inf. Assur. Secur. 7(1), 24–31 (2012)

    Google Scholar 

  30. Thorpe, S., Ray, I., Grandison, T., Barbir, A., France, R.: Hypervisor event logs as a source of consistent virtual machine evidence for forensic cloud investigations. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 97–112. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39256-6_7

    Chapter  Google Scholar 

  31. Ray, I., Belyaev, K., Strizhov, M., Mulamba, D., Rajaram, M.: Secure logging as a service delegating log management to the cloud. IEEE Syst. J. 7(2), 323–334 (2013)

    Article  Google Scholar 

  32. Hyperledger FabricDocs Documentation, Hyperledger. https://readthedocs.org/projects/hyperledger-fabric/downloads/pdf/latest/hyperledger-fabric.pdf

Download references

Author information

Authors and Affiliations

  1. Department of Technology, Savitribai Phule Pune University, Pune, Maharashtra, India

    Sagar Rane & Arati Dixit

Authors
  1. Sagar Rane
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arati Dixit
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Sagar Rane or Arati Dixit .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Guwahati, Guwahati, India

    Sukumar Nandi

  2. Indian Institute of Technology Jammu, Jammu, India

    Devesh Jinwala

  3. Indian Institute of Technology Bombay, Mumbai, India

    Virendra Singh

  4. Malaviya National Institute of Technology, Jaipur, India

    Vijay Laxmi

  5. Indian Institute of Technology Jammu, Jammu, Jammu and Kashmir, India

    Manoj Singh Gaur

  6. Department of Technical Education, Government of Gujarat, Rajkot, India

    Parvez Faruki

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rane, S., Dixit, A. (2019). BlockSLaaS: Blockchain Assisted Secure Logging-as-a-Service for Cloud Forensics. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_6

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-7561-3_6

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7560-6

  • Online ISBN: 978-981-13-7561-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation