CURE—Towards enforcing a reliable timeline for cloud forensics: Model, architecture, and experiments

Roberto Battistoni, Roberto Di Pietro, Flavio Lombardi

Research output: Contribution to journalArticlepeer-review

17 Scopus citations

Abstract

A malicious alteration of system-provided timeline can negatively affect the reliability of computer forensics. Indeed, detecting such changes and possibly reconstructing the correct timeline of events is of paramount importance for court admissibility and logical coherence of collected evidence. However, reconstructing the correct timeline for a set of network nodes can be difficult since an adversary has a wealth of opportunities to disrupt the timeline and to generate a fake one. This aspect is exacerbated in cloud computing, where host and guest machine-time can be manipulated in various ways by an adversary. Therefore, it is important to guarantee the integrity of the timeline of events for cloud host and guest nodes, or at least to ensure that timeline alterations do not go undetected. This paper provides several contributions. First, we survey the issues related to cloud machine-time reliability. Then, we introduce a novel architecture (CURE) aimed at providing timeline resilience to cloud nodes. Further, we implement the proposed framework and extensively test it on both a simulated environment and on a real cloud. We evaluate and discuss collected results showing the effectiveness of our proposal.
Original languageEnglish (US)
Pages (from-to)29-43
Number of pages15
JournalComputer Communications
Volume91-92
DOIs
StatePublished - Jan 1 2016
Externally publishedYes

Bibliographical note

Generated from Scopus record by KAUST IRTS on 2023-09-20

Fingerprint

Dive into the research topics of 'CURE—Towards enforcing a reliable timeline for cloud forensics: Model, architecture, and experiments'. Together they form a unique fingerprint.

Cite this