TY - JOUR
T1 - CURE—Towards enforcing a reliable timeline for cloud forensics: Model, architecture, and experiments
AU - Battistoni, Roberto
AU - Di Pietro, Roberto
AU - Lombardi, Flavio
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2016/1/1
Y1 - 2016/1/1
N2 - A malicious alteration of system-provided timeline can negatively affect the reliability of computer forensics. Indeed, detecting such changes and possibly reconstructing the correct timeline of events is of paramount importance for court admissibility and logical coherence of collected evidence. However, reconstructing the correct timeline for a set of network nodes can be difficult since an adversary has a wealth of opportunities to disrupt the timeline and to generate a fake one. This aspect is exacerbated in cloud computing, where host and guest machine-time can be manipulated in various ways by an adversary. Therefore, it is important to guarantee the integrity of the timeline of events for cloud host and guest nodes, or at least to ensure that timeline alterations do not go undetected. This paper provides several contributions. First, we survey the issues related to cloud machine-time reliability. Then, we introduce a novel architecture (CURE) aimed at providing timeline resilience to cloud nodes. Further, we implement the proposed framework and extensively test it on both a simulated environment and on a real cloud. We evaluate and discuss collected results showing the effectiveness of our proposal.
UR - https://linkinghub.elsevier.com/retrieve/pii/S0140366416301141
UR - http://www.scopus.com/inward/record.url?scp=85027886024&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2016.03.024
DO - 10.1016/j.comcom.2016.03.024
M3 - Article
SN - 0140-3664
VL - 91-92
SP - 29
EP - 43
JO - Computer Communications
JF - Computer Communications
ER -