Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform
| dc.contributor.author | Dykstra, Josiah | |
| dc.contributor.author | Sherman, Alan T. | |
| dc.date.accessioned | 2019-02-21T15:58:07Z | |
| dc.date.available | 2019-02-21T15:58:07Z | |
| dc.date.issued | 2013-08 | |
| dc.description | The Proceedings of the Thirteenth Annual DFRWS Conference | en_US |
| dc.description.abstract | We describe the design, implementation, and evaluation of FROST|three new forensic tools for the OpenStack cloud platform. Operated through the management plane, FROST provides the rst dedicated forensics capabilities for OpenStack, an open-source cloud platform for private and public clouds. Our implementation supports an Infrastructure- as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest rewall logs. Unlike traditional acquisition tools, FROST works at the cloud management plane rather than interacting with the operating system inside the guest virtual machines, thereby requiring no trust in the guest machine. We assume trust in the cloud provider but FROST overcomes non-trivial challenges of remote evidence integrity by storing log data in hash trees and returning evidence with cryptographic hashes. Our tools are user-driven, allowing customers, forensic examiners, and law enforcement to conduct investigations without necessitating interaction with the cloud provider. We demonstrate through examples how forensic investigators can independently use our new features to obtain forensically- sound data. Our evaluation demonstrates the e ectiveness of our approach to scale in a dynamic cloud environment. The design supports an extensible set of forensic objectives, including the future addition of other data preservation, discovery, real-time monitoring, metrics, auditing, and acquisition capabilities. | en_US |
| dc.description.sponsorship | We thank Simson Gar nkel, Ken Zatyko, and Tim Leschke for helpful comments on early drafts. We also thank Ron Rivest and Stuart Haber for insights and sug- gestions related to hash trees. Sherman was supported in part by the Department of Defense under IASP grant H98230-11-1-0473 and by the National Science Foundation under SFS grant 1241576. Dykstra was supported in part by an AWS in Education grant award. | en_US |
| dc.description.uri | https://www.sciencedirect.com/science/article/pii/S174228761300056X | en_US |
| dc.format.extent | 9 pages | en_US |
| dc.genre | conference papers and proceedings | en_US |
| dc.identifier | doi:10.13016/m2munv-fumm | |
| dc.identifier.citation | Josiah Dykstra, Alan T. Sherman, Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform, Digital Investigation Volume 10, Supplement, August 2013, Pages S87-S95, https://doi.org/10.1016/j.diin.2013.06.010 | en_US |
| dc.identifier.uri | https://doi.org/10.1016/j.diin.2013.06.010 | |
| dc.identifier.uri | http://hdl.handle.net/11603/12833 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Elsevier B.V. | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Center for Research and Exploration in Space Sciences & Technology II (CRSST II) | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | Attribution-NonCommercial-NoDerivs 4.0 International (CC BY-NC-ND 4.0 DEED) | |
| dc.rights | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | openstack | en_US |
| dc.subject | cloud computing | en_US |
| dc.subject | digital forensics | en_US |
| dc.subject | cloud forensics | en_US |
| dc.subject | FROST | en_US |
| dc.title | Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform | en_US |
| dc.type | Text | en_US |
| dcterms.creator | https://orcid.org/0000-0003-1130-4678 |