JOURNAL OF SHANDONG UNIVERSITY (NATURAL SCIENCE) ›› 2017, Vol. 52 ›› Issue (6): 84-91. doi: 10.6040/j.issn.1671-9352.3.2016.003


A real-time monitoring and forensics method under the IaaS model

YANG Shu-mian1,2, WANG Lian-hai1,2, ZHANG Shu-hui1,2, XU Shu-jiang1,2, LIU Guang-qi1,2   

  1. Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250014, Shandong, China;
  2. Shandong Provincial Key Laboratory of Computer Networks, Jinan 250014, Shandong, China
  Received: 2016-09-22; Online: 2017-06-20; Published: 2017-06-21

Abstract: To protect virtual machines in the cloud and to obtain complete, reliable evidence of a crime from the cloud, this paper presents a real-time cloud monitoring forensics method and a cloud monitoring forensic system based on physical memory analysis, and gives its design and implementation in detail. The agent needs to run only on the physical host, not inside each guest: by acquiring and analyzing the host's physical memory it extracts the key information of the virtual machines at the IaaS infrastructure layer. Finally, the paper describes information extraction and anomaly detection in KVM/Xen virtualized environments. Results show that the monitoring forensic method obtains this information and identifies virtual hosts that are running malicious software or being used for illegal activity, so that such abuse can be stopped.
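The abstract does not describe the agent's internal data structures, so the following is an added illustration and not code from the paper or the authors' system. It shows the general idea of host-side memory forensics for KVM guests: the launch parameters of a QEMU/KVM guest are stored NUL-separated on the QEMU process stack, so a raw host physical-memory image can be scanned for that signature and the guest name, UUID, memory, vCPU count and network settings carved out without any agent in the guest; a few anomaly rules are then run against a tenant inventory. The memory fragment, guest names, UUIDs, the inventory and the rules are all constructed for the example, and the assumed signature is the path of the qemu-system binary.

```python
import re
from dataclasses import dataclass, field

# Constructed sample fragment of a raw host physical-memory image (not a real
# dump). A QEMU/KVM guest's argv lives NUL-separated on the QEMU process
# stack, so it can be carved from host memory without a guest-side agent.
def _argv(*args: str) -> bytes:
    return b"".join(a.encode() + b"\x00" for a in args)

SAMPLE_DUMP = (
    b"\x00" * 64 + b"random page contents" + b"\x00" * 32
    + _argv("/usr/bin/qemu-system-x86_64",
            "-name", "guest=web01,debug-threads=on",
            "-uuid", "4c4c4544-0031-3610-8048-b1c04f4d3232",
            "-enable-kvm", "-m", "2048", "-smp", "2",
            "-drive", "file=/var/lib/libvirt/images/web01.qcow2,format=qcow2")
    + b"\x00" * 128 + b"\xde\xad\xbe\xef" * 16
    + _argv("/usr/bin/qemu-system-x86_64",
            "-name", "guest=miner7",
            "-uuid", "9b2f0c4e-1a7d-4c3b-9e21-0f5c2a9d8e11",
            "-m", "16384", "-smp", "16",
            "-netdev", "user,id=n0,hostfwd=tcp::4444-:22",
            "-device", "e1000,netdev=n0")
    + b"\x00" * 64
)

# Hypothetical tenant inventory as the cloud controller would supply it.
INVENTORY = {
    "web01": {"uuid": "4c4c4544-0031-3610-8048-b1c04f4d3232", "max_memory_mb": 4096},
}

# Assumed signature: path of the QEMU system emulator followed by the argv NUL.
QEMU_SIG = re.compile(rb"/usr/bin/qemu-system-[a-z0-9_]+\x00")


@dataclass
class GuestInfo:
    offset: int            # where the argv was found in the image
    name: str = ""
    uuid: str = ""
    memory_mb: int = 0
    vcpus: int = 0
    hostfwd: list = field(default_factory=list)


def _nul_strings(dump: bytes, start: int) -> list:
    """Read consecutive NUL-terminated printable-ASCII strings from start."""
    out, pos = [], start
    while pos < len(dump):
        end = dump.find(b"\x00", pos)
        if end <= pos:                      # empty string or no terminator: argv ended
            break
        tok = dump[pos:end]
        if not all(32 <= b < 127 for b in tok):
            break
        out.append(tok.decode("ascii"))
        pos = end + 1
    return out


def carve_guests(dump: bytes) -> list:
    """Locate every QEMU argv in the image and extract guest parameters."""
    guests = []
    for m in QEMU_SIG.finditer(dump):
        argv = _nul_strings(dump, m.start())
        g = GuestInfo(offset=m.start())
        i = 1
        while i < len(argv):
            opt = argv[i]
            # options such as -enable-kvm take no value; the next token is another option
            val = argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith("-") else None
            if val is None:
                i += 1
                continue
            kv = dict(p.split("=", 1) for p in val.split(",") if "=" in p)
            if opt == "-name":
                g.name = kv.get("guest", val if "=" not in val else "")
            elif opt == "-uuid":
                g.uuid = val
            elif opt == "-m":
                g.memory_mb = int(val.split(",")[0])
            elif opt == "-smp":
                g.vcpus = int(val.split(",")[0])
            elif opt == "-netdev" and "hostfwd" in kv:
                g.hostfwd.append(kv["hostfwd"])
            i += 2
        guests.append(g)
    return guests


def detect_anomalies(guests: list, inventory: dict) -> list:
    """Apply simple rules against the tenant inventory; returns (name, finding) pairs."""
    findings = []
    for g in guests:
        label = g.name or f"<unnamed@{g.offset:#x}>"
        expected = inventory.get(g.name)
        if expected is None:
            findings.append((label, "unregistered guest"))
        else:
            if g.uuid != expected["uuid"]:
                findings.append((label, f"uuid mismatch: {g.uuid}"))
            if g.memory_mb > expected["max_memory_mb"]:
                findings.append((label, f"memory {g.memory_mb} MB exceeds quota"))
        for fwd in g.hostfwd:
            # user-mode networking with host port forwards is unusual for
            # libvirt-managed guests and exposes a guest service on the host
            findings.append((label, f"host port forwarding: {fwd}"))
    return findings


if __name__ == "__main__":
    found = carve_guests(SAMPLE_DUMP)
    for g in found:
        print(f"{g.offset:#010x} {g.name:<8} {g.uuid} mem={g.memory_mb}MB vcpus={g.vcpus}")
    for name, finding in detect_anomalies(found, INVENTORY):
        print(f"ANOMALY {name}: {finding}")
```

On a real image the same scan is run over the acquired physical memory of the host; the carve gives the forensic record (offset, name, UUID, resources), while the inventory comparison is what turns that record into an alert such as an unregistered guest or a port forward that exposes the guest on the host.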

Key words: cloud security, virtualization, cloud monitoring forensics, physical memory analysis

CLC Number: TP309