Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 22 / Issue 4

available in:   PDF (555 kB) PS (832 kB)
Similar Docs BibTeX   Read comments Write a comment
 Number of Comments:1
Links into Future
DOI:   10.3217/jucs-022-04-0494


Web Data Amalgamation for Security Engineering: Digital Forensic Investigation of Open Source Cloud

Asif Imran (University of Dhaka, Bangladesh)

Shadi A. Aljawarneh (Jordan University of Science and Technology, Jordan)

Kazi Sakib (University of Dhaka, Bangladesh)

Abstract: The largely distributed nature and growing demand for open source Cloud makes the infrastructure an ideal target for malicious attacks that grants unauthorized access to its data storage and posses a serious threat to Cloud software security. In case of any nefarious activity, the Cloud provenance information used by Digital Forensic experts to identify the issue is itself prone to tampering by the malicious entities and results in insecure software running in Cloud. This paper proposes a scheme that ensures Software Security and Security of Cloud provenance in a series of steps, the first of which involves binding the provenance journals with user-data from which those were derived. Next, mechanisms for merging provenance with unstructured web data for improved Security Intelligence (SI) is identified. Detection of attack models for nefarious malware activities in six Software as a Service (SaaS) applications running in real-life Cloud is taken as the research case and the performance of the proposed algorithms for those are analyzed. The Success Rates (SR) for melding the web data to secure provenance for the six specific SaaS applications are found to be 85.0554%, 96.7032%, 98.3871%, 93.9732%, 80.5000% and 84.9257% respectively. Hence, this paper proposes a framework for effectively ameliorating the current scheme of Cloud based Software Security, thereby achieving wider acceptance of open source Cloud.

Keywords: cloud provenance detection, cloud security intelligence, digital forensic investigation, distributed applications, integrity, protection, provenance-web data amalgamation, security, software security

Categories: D.2.11, D.4.6