云计算取证模型

doi:10.11959/j.issn.2096-109x.2017.00194

网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (9): 13-23.doi: 10.11959/j.issn.2096-109x.2017.00194

云计算取证模型

高元照^1,²,李学娟³,李炳龙^1,²(),吴熙曦⁴

¹ 信息工程大学，河南郑州 450001
² 数学工程与先进计算国家重点实验室，河南郑州 450001
³ 河南理工大学审计处，河南焦作 454010
⁴ 白城兵器试验中心，吉林白城 137000

修回日期:2017-09-04 出版日期:2017-09-01 发布日期:2017-10-18
作者简介:高元照（1992-），男，河北衡水人，信息工程大学博士生，主要研究方向为云计算取证。|李学娟（1974-），女，河南卫辉人，河南理工大学工程师，主要研究方向为控制理论与控制工程。|李炳龙（1974-），男，河南卫辉人，博士，信息工程大学副教授，主要研究方向为数字取证。|吴熙曦（1990-），女，四川成都人，白城兵器试验中心助理工程师，主要研究方向为网络安全。
基金资助:
国家高技术研究发展计划（“863”计划）基金资助项目(2015AA01600);国家自然科学基金资助项目(60903220)

Cloud computing forensic model

Yuan-zhao GAO^1,²,Xue-juan LI³,Bing-long LI^1,²(),Xi-xi WU⁴

¹ Information Engineering University,Zhengzhou 450001,China
² State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China
³ Audit Department of Henan Polytechnic University,Jiaozuo 454010,China
⁴ Baicheng Weapon Testing Center,Baicheng 137000,China

Revised:2017-09-04 Online:2017-09-01 Published:2017-10-18
Supported by:
The National High Technology Research and Development Program of China (863 Program)(2015AA01600);The National Natural Science Foundation of China(60903220)

摘要/Abstract

摘要：

针对云取证面临的主要挑战，分析云计算特性，提出了一种云取证模型。提出了持续性取证准备服务的部署、基于“迭代”的多轮次证据识别策略和分布式文件系统的多层级数据定位方法、基于“数据隔离”和“按需收集”策略的证据收集方法、基于云计算资源的综合性证据分析平台的建立。最后，结合云环境下的取证场景，分析了该模型的有效性。

关键词: 云计算, 云取证, 取证模型, 取证策略, 取证方法

Abstract:

Aiming at the main challenges facing cloud forensics,cloud characteristics were analyzed and a cloud forensic model was proposed.In the model,the deployment of persistent forensic readiness service,multi-round identification strategy based on “iteration” and multi-level evidence location method for distributed file system,“data isolation” and “on-demand collection” strategies,and the establishment of comprehensive evidence analysis platform based on cloud resources were presented.Finally,the validity of the model was analyzed combining the forensic scene in the cloud environment.

Key words: cloud computing, cloud forensics, forensic model, forensic strategy, forensic method

中图分类号:

TP311

高元照,李学娟,李炳龙,吴熙曦. 云计算取证模型[J]. 网络与信息安全学报, 2017, 3(9): 13-23.

Yuan-zhao GAO,Xue-juan LI,Bing-long LI,Xi-xi WU. Cloud computing forensic model[J]. Chinese Journal of Network and Information Security, 2017, 3(9): 13-23.

图/表 3

参考文献 36

[1]	PASQUALE L , HANVEY S , MCGLOIN M ,et al. Adaptive evidence collection in the cloud using attack scenarios[J]. Computers＆ Security, 2016,59(6): 236-254.
[2]	林闯, 苏文博, 孟坤 ,等. 云计算安全:架构、机制与模型评价[J]. 计算机学报, 2013,36(9): 1765-1784.
	LIN C , SU W B , MENG K ,et al. Cloud computing security:architecture,mechanism,and modeling[J]. Chinese Jourral of Cornputer, 2013,36(9): 1765-1784.
[3]	SALINAS S , LEE M , COTY S ,et al. Cloud security report 2015[R]. Houston:Alter Logic, 2015.
[4]	SIMOUS S , KALLONIATIS C , KAVAKLI E ,et al. Cloud forensics:identifying the major issues and challenges[J]. Lecture Notes in Computer Science, 2014,8484: 271-284.
[5]	中国云计算安全政策与法律蓝皮书（2014）[EB/OL]. .
	Cloud computing security policies and laws blue book of China(2014)[EB/OL]. .
[6]	ARCHER J , CULLIANCE D , PUHLMANN N ,et al. Security guidance for critical areas of focus in cloud computing v3.0[R]. St Petersburg:Cloud Security Alliance, 2011.
[7]	RUAN K , CARTHY J , KECHADI T ,et al. Cloud forensics definitions and critical criteria for cloud forensic capability:an overview of survey results[J]. Digital Investigation, 2013,10(1): 34-43.
[8]	MELL P , GRANCE T . The NIST definition of cloud computing[R]. Gaithersburg:NIST, 2011.
[9]	杨泽明, 刘宝旭, 许榕生 . 数字取证研究现状与发展态势[J]. 科研信息化技术与应用, 2015,6(1): 3-11.
	YANG Z M , LIU B X , XU R S . Current situation and trend of digital forensics research[J]. e-Science Technology ＆ Application, 2015,6(1): 3-11.
[10]	PICHAN A , LAZARESCU M , SOH S T . Cloud forensics:technical challenges,solutions and comparative analysis[J]. Digital Investigation, 2015,13: 38-57.
[11]	QUICK D , CHOO K K R . Impacts of increasing volume of digital forensic data:A survey and future research challenges[J]. Digital Investigation, 2014,11(4): 273-294.
[12]	MARTINI B , CHOO K K R . Distributed filesystem forensics:XtreemFS as a case study[J]. Digital Investigation, 2014,11(4): 295-313.
[13]	SIBIYA G , VENTER H S , FOGWILL T . Digital forensics in the cloud:the state of the art[C]// 2015 IST-Africa Conference. 2015: 1-9.
[14]	ALEX M E , KISHORE R . Forensics framework for cloud computing[J]. Computers ＆ Electrical Engineering, 2017,60(4): 193-205.
[15]	ZAWOAD S , DUTTA A K , HASAN R . SecLaaS:secure logging-as-a-service for cloud forensics[C]// The 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. 2013: 219-230.
[16]	BIRK D , WEGENER C . Technical issues of forensic investigations in cloud computing environments[C]// The 2011 IEEE 6th International Workshop on Systematic Approaches to Digital Forensic Engineering. 2011: 1-10.
[17]	VACCA J R . Computer forensics:computer crime scene investigation[M]. Hingham: Charles River MediaPress, 2013.
[18]	GRISPOS G , STORER T , GLISSON W . Calm before the storm:the challenges of cloud computing in digital forensics[J]. International Journal of Digital Crime and Forensics, 2012,4(2): 28-48.
[19]	TAYLOR M , HAGGERTY J , GRESTY D ,et al. Digital evidence in cloud computing systems[J]. Computer Law ＆ Security Report, 2010,26(3): 304-308.
[20]	ALQAHTANY S , CLARKE N , FURNELL S ,et al. A forensic acquisition and analysis system for IaaS[J]. Cluster Computing, 2016,19(1): 439-453.
[21]	GRIER J . Detecting data theft using stochastic forensics[J].Digital Investigation,2011,8:S71-S77. Digital Investigation, 2011,8: S71-S77.
[22]	PUTHAL D , SAHOO B P S , MISHRA S ,et al. Cloud Computing Features,Issues,and Challenges:A Big Picture[C]// The International Conference on Computational Intelligence ＆ Networks, 2015: 116-123.
[23]	ZAWOAD S , HASAN R , SKJELLUM A . OCF:an open cloud forensics model for reliable digital forensics[C]// 2015 IEEE 8th International Conference on Cloud Computing (CLOUD). 2015: 437-444.
[24]	MARTINI B , CHOO K K R . An integrated conceptual digital forensic framework for cloud computing[J]. Digital Investigation, 2012,9(2): 71-80.
[25]	谢亚龙, 丁丽萍, 林渝淇 ,等. ICFF:一种IaaS模式下的云取证框架[J]. 通信学报, 2013,34(5): 200-206.
	XIE Y L , DING L P , LIN Y Q ,et al. ICFF:a cloud forensics framework under the IaaS model[J]. Journal on Communications, 2013,34(5): 200-206.
[26]	RISTENPART T , TROMER E , SHACHAM H ,et al. Hey,you,get off of my cloud:exploring information leakage in third-party compute clouds[C]// ACM Conference on Computer and Communications Security. 2009: 199-212.
[27]	FAHDI M A , CLARKE N L , LI F ,et al. A suspect-oriented intelligent and automated computer forensic analysis[J]. Digital Investigation, 2016,18: 65-76.
[28]	Using graphviz as a library (cgraph version)[EB/OL]. .
[29]	Documentation[EB/OL]. .
[30]	REITH M , CARR C , GUNSCH G . An examination of digital forensic models[J]. International Journal of Digital Evidence, 2002,1(3): 1-12.
[31]	丁丽萍, 王永吉 . 多维计算机取证模型研究[J]. 信息网络安全, 2005(11): 5-9.
	DINH L P , WANG Y J . Multi-dimension forensics model research[J]. NeTINFO Security, 2005(11): 5-9.
[32]	TRENWITH P M , VENTER H S . A digital forensic model for providing better data provenance in the cloud[C]// The Information Security for South Africa. 2014: 1-6.
[33]	周刚 . 云计算环境中面向取证的现场迁移技术研究[D]. 武汉:华中科技大学, 2011.
	ZHOU G . Research on forensics-oriented site migration technology in cloud computing environment[D]. Wuhan:Huazhong University of Science and Technology, 2011.
[34]	SIMOUS S , KALLONIATIS C , MOURATIDIS H ,et al. Towards the development of a cloud forensics methodology:a conceptual model[J]. Lecture Notes in Business Information Processing, 2015,215: 470-481.
[35]	LIM S H . Implementation of MapReduce model for disk forensic computing analysis[J]. Lecture Notes in Electrical Engineering, 2012,164: 577-584.
[36]	POVAR D , SAIBHARATH , GEETHAKUMARI G . Real-time digital forensic triaging for cloud data analysis using MapReduce on Hadoop framework[J]. International Journal of Electronic Security ＆ Digital Forensics, 2014,7(2): 119-133.

云计算取证模型

Cloud computing forensic model

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 36

相关文章 15

Metrics

推荐阅读 0

[1]	李凌书, 邬江兴, 曾威, 刘文彦. 容器云中基于信号博弈的容器迁移与蜜罐部署策略[J]. 网络与信息安全学报, 2022, 8(3): 87-96.
[2]	刘尚, 郭银章. 云计算多授权中心CP-ABE代理重加密方案[J]. 网络与信息安全学报, 2022, 8(3): 176-188.
[3]	张艺, 田立勤, 毋泽南, 武文星. 基于FANP的云用户行为信任评估优化机制[J]. 网络与信息安全学报, 2022, 8(2): 175-182.
[4]	吴颖,李璇,金彪,金榕榕. 隐私保护的图像内容检索技术研究综述[J]. 网络与信息安全学报, 2019, 5(4): 14-28.
[5]	李颖, 马春光. 可搜索加密研究进展综述[J]. 网络与信息安全学报, 2018, 4(7): 13-21.
[6]	于孟洋,林晖,田有亮. 移动云计算中一种新的跨层信誉机制[J]. 网络与信息安全学报, 2018, 4(3): 51-58.
[7]	王元昊,李宏博,崔钰钊,郭庆文,黄琼. 具有密文等值测试功能的公钥加密技术综述[J]. 网络与信息安全学报, 2018, 4(11): 13-22.
[8]	张建标,朱元曦,胡俊,王晓. 面向云环境的虚拟机可信迁移方案[J]. 网络与信息安全学报, 2018, 4(1): 6-14.
[9]	李维奉,羌卫中,李伟明,邹德清. 云环境隐私侵犯取证研究[J]. 网络与信息安全学报, 2018, 4(1): 26-35.
[10]	袁得嵛,王小娟,万建超. “互联网+”对网络空间安全影响及未来发展趋势[J]. 网络与信息安全学报, 2017, 3(5): 1-9.
[11]	施江勇,杨岳湘,李文华,王森. 基于SDN的云安全应用研究综述[J]. 网络与信息安全学报, 2017, 3(5): 10-25.
[12]	陈飞,毕小红,王晶晶,刘渊. DDoS攻击防御技术发展综述[J]. 网络与信息安全学报, 2017, 3(10): 16-24.
[13]	孙光,樊晓平,蒋望东,周航军,刘胜宗,龚春红,朱静. 云计算环境约束下的软件水印方案[J]. 网络与信息安全学报, 2016, 2(9): 12-21.
[14]	冯丙文,翁健,卢伟. 基于隐私保护的数字图像取证外包技术框架研究[J]. 网络与信息安全学报, 2016, 2(8): 23-31.
[15]	张亮轩,李晖. 云计算中支持有效用户撤销的多授权方基于属性加密方案[J]. 网络与信息安全学报, 2016, 2(2): 62-74.