Database Reference
In-Depth Information
However, when the suspect stores the files in a cloud, many complications
occur. For example, since the suspect does not have any files stored locally, seiz-
ing and imaging his drives do not yield any evidence. The law enforcement agents
can raid the cloud provider and seize the disks from there. However, that brings
on more complications—since a cloud is a shared resource, many other unrelated
people would have their data stored in those drives. Thus, seizure or imaging of
such drives will compromise the privacy and availability of many users of the
cloud.
The cloud service providers can provide access to all data belonging to a client
on request from law enforcement. However, the defense attorneys can claim that
the prosecution and the cloud provider have planted evidence to frame the suspect.
Since clouds intentionally hide their inner workings, this cannot be disproved using
the current cloud models. Maintaining a proper chain of custody for digital evidence
is also difficult.
19.3.9 m
isuse
D
eteCtion
Research Question 9
: How can we rapidly detect misbehavior of clients in a
cloud [18]?
Besides being used by legitimate users, clouds can be misused for malicious pur-
poses. For example, an attacker can rent thousands of machines in a cloud for a rela-
tively cheap price and then send spam or host temporary phishing sites or simply create
a botnet to launch denial of service attacks. In [10], Chen et al. discussed the threat of
using clouds for running brute forcers, spammer, or botnets.
Another usage of clouds is for password cracking. In fact, there are commer-
cial password cracking services such as WPACracker.com, which leverages cloud
computing to crack WPA passwords in less than 20 minutes using a rainbow table
approach.
19.3.10 r
esourCe
a
CCounting
anD
e
ConomiC
a
ttaCks
Research Question 10
: How do we ensure proper, verifiable accounting and prevent
attackers from exploiting the pay as you go model of clouds?
From the cloud user's point of view, accounting is also a critical issue. It is vital
to ensure that cloud users are only billed for resources they have consumed and also
that the consumption is what they were supposed to require given their application
requirements. Sekar et al. [32] proposed a model for verifiable accounting in clouds
where clients get a cryptographic proof of resource usage. Clouds are also subject
to economic attacks where attackers launch variations of denial of service attacks to
cause their victims to consume more cloud resources than needed and thereby cause
economic loss.
19.4 OPEN PROBLEMS
Many open problems remain in cloud and Big Data security. In this section, we dis-
cuss a few of these areas and the associated challenges.
Search WWH ::
Custom Search