Strategies for intrusion monitoring in cloud services

George R. S. Weir, Andreas Aßmuth

Research output: Contribution to conference (Paper)

Abstract

Effective activity and event monitoring is an essential aspect of digital forensic readiness. Techniques for capturing log and other event data are familiar from conventional networked hosts and transfer directly to the Cloud context. In both contexts, a major concern is the risk that monitoring systems may be targeted and impaired by intruders seeking to conceal their illicit presence and activities. We outline an approach to intrusion monitoring that aims (i) to ensure the credibility of log data and (ii) provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired.

Conference

Conference: The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization
Abbreviated title: Cloud Computing 2017
Country: Greece
City: Athens
Period: 19/02/17 to 23/02/17
Internet address: http://www.iaria.org/conferences2017/CLOUDCOMPUTING17.html

Fingerprint

Monitoring
Digital forensics

Keywords

  • cloud security
  • intrusion monitoring
  • message authentication codes
  • secret sharing

Cite this

Weir, G. R. S., & Aßmuth, A. (2017). Strategies for intrusion monitoring in cloud services. 1-5. Paper presented at The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, Athens, Greece.
@conference{8919e06e821e46d9ac833f0b58dfa81d,
title = "Strategies for intrusion monitoring in cloud services",
abstract = "Effective activity and event monitoring is an essential aspect of digital forensic readiness. Techniques for capturing log and other event data are familiar from conventional networked hosts and transfer directly to the Cloud context. In both contexts, a major concern is the risk that monitoring systems may be targeted and impaired by intruders seeking to conceal their illicit presence and activities. We outline an approach to intrusion monitoring that aims (i) to ensure the credibility of log data and (ii) provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired.",
keywords = "cloud security, intrusion monitoring, message authentication codes, secret sharing",
author = "Weir, {George R. S.} and Andreas A{\ss}muth",
year = "2017",
month = "1",
day = "27",
language = "English",
pages = "1--5",
note = "The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, Cloud Computing 2017 ; Conference date: 19-02-2017 Through 23-02-2017",
url = "http://www.iaria.org/conferences2017/CLOUDCOMPUTING17.html",

}
