Hadoop Distributed Storage Platform: Foreign-Language Literature Translation (.docx)
(The document contains both the English original and its Chinese translation.)
Original text:
Technical Issues of Forensic Investigations in Cloud Computing Environments
Dominik Birk
Ruhr-University Bochum
Horst Goertz Institute for IT Security
Bochum, Germany
Ruhr-University Bochum
Horst Goertz Institute for IT Security
Bochum, Germany
Abstract—Cloud Computing is arguably one of the most discussed information technologies today. It presents many promising technological and economical opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to the cloud. One of their main concerns is Cloud Security and the threat of the unknown. Cloud Service Providers (CSP) encourage this perception by not letting their customers see what is behind their virtual curtain. A seldom discussed, but in this regard highly relevant, open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. Cloud Forensics constitutes a new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed cloud environments. We contribute by assessing whether it is possible for the customer of cloud computing services to perform a traditional digital investigation from a technical point of view. Furthermore, we discuss possible solutions and possible new methodologies helping customers to perform such investigations.
I. INTRODUCTION
Although the cloud might appear attractive to small as well as to large companies, it does not come along without its own unique problems. Outsourcing sensitive corporate data into the cloud raises concerns regarding the privacy and security of data. Security policies, companies' main pillar concerning security, cannot be easily deployed into distributed, virtualized cloud environments. This situation is further complicated by the unknown physical location of the company's assets. Normally, if a security incident occurs, the corporate security team wants to be able to perform their own investigation without dependency on third parties. In the cloud, this is not possible anymore: The CSP obtains all the power over the environment and thus controls the sources of evidence. In the best case, a trusted third party acts as a trustee and guarantees the trustworthiness of the CSP. Furthermore, the implementation of the technical architecture and circumstances within cloud computing environments bias the way an investigation may be processed. In detail, evidence data has to be interpreted by an investigator in a proper manner, which is hardly possible due to the lack of circumstantial information. For auditors, this situation does not change: Questions about who accessed specific data and information cannot be answered by the customers if no corresponding logs are available.

With the increasing demand for using the power of the cloud for processing sensitive information and data as well, enterprises face the issue of Data and Process Provenance in the cloud [10]. Digital provenance, meaning meta-data that describes the ancestry or history of a digital object, is a crucial feature for forensic investigations. In combination with a suitable authentication scheme, it provides information about who created and who modified what kind of data in the cloud. These are crucial aspects for digital investigations in distributed environments such as the cloud. Unfortunately, the aspects of forensic investigations in distributed environments have so far been mostly neglected by the research community. Current discussion centers mostly around security, privacy and data protection issues [35], [9], [12]. The impact of forensic investigations on cloud environments was little noticed, albeit mentioned by the authors of [1] in 2009: "[...] to our knowledge, no research has been published on how cloud computing environments affect digital artifacts, and on acquisition logistics and legal issues related to cloud computing environments." This statement is also confirmed by other authors [34], [36], [40] stressing that further research on incident handling, evidence tracking and accountability in cloud environments has to be done.

At the same time, massive investments are being made in cloud technology. Combined with the fact that information technology increasingly transcends people's private and professional life, thus mirroring more and more of people's actions, it becomes apparent that evidence gathered from cloud environments will be of high significance to litigation or criminal proceedings in the future. Within this work, we focus the notion of cloud forensics by addressing the technical issues of forensics in all three major cloud service models and consider cross-disciplinary aspects. Moreover, we address the usability of various sources of evidence for investigative purposes and propose potential solutions to the issues from a practical standpoint. This work should be considered as a surveying discussion of an almost unexplored research area.

The paper is organized as follows: We discuss the related work and the fundamental technical background information of digital forensics, cloud computing and the fault model in section II and III. In section IV, we focus on the technical issues of cloud forensics and discuss the potential sources and nature of digital evidence as well as investigations in XaaS environments including the cross-disciplinary aspects. We conclude in section V.

We would like to thank the reviewers for the helpful comments and Dennis Heinson (Center for Advanced Security Research Darmstadt - CASED) for the profound discussions regarding the legal aspects of cloud forensics.
II. RELATED WORK
Various works have been published in the field of cloud security and privacy [9], [35], [30] focussing on aspects for protecting data in multi-tenant, virtualized environments. Desired security characteristics for current cloud infrastructures mainly revolve around isolation of multi-tenant platforms [12], security of hypervisors in order to protect virtualized guest systems and secure network infrastructures [32]. Albeit digital provenance, describing the ancestry of digital objects, still remains a challenging issue for cloud environments, several works have already been published in this field [8], [10] contributing to the issues of cloud forensics. Within this context, cryptographic proofs for verifying data integrity, mainly in cloud storage offers, have been proposed, yet these lack practical implementations [24], [37], [23]. Traditional computer forensics already has well researched methods for various fields of application [4], [5], [6], [11], [13]. Also the aspects of forensics in virtual systems have been addressed by several works [2], [3], [20] including the notion of virtual introspection [25]. In addition, the NIST already addressed Web Service Forensics [22] which has a huge impact on investigation processes in cloud computing environments. In contrast, the aspects of forensic investigations in cloud environments have mostly been neglected by both the industry and the research community. One of the first papers focusing on this topic was published by Wolthusen [40] after Bebee et al. already introduced problems within cloud environments [1]. Wolthusen stressed that there is an inherent strong need for interdisciplinary work linking the requirements and concepts of evidence arising from the legal field to what can be feasibly reconstructed and inferred algorithmically or in an exploratory manner. In 2010, Grobauer et al. [36] published a paper discussing the issues of incident response in cloud environments; unfortunately, no specific issues and solutions of cloud forensics were proposed there, which will be done within this work.
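The introduction defines digital provenance as meta-data on an object's history that, combined with an authentication scheme, shows who created and who modified what. The sketch below is an added example, not code from the paper or the works it cites: a hash-chained provenance log in which HMAC with per-user keys stands in for the "suitable authentication scheme"; the key table, record fields and object name are assumptions constructed for illustration.

```python
import hashlib, hmac, json

# Constructed demo keys, one per authenticated actor (assumption: in practice
# these would be per-user credentials held outside the log store).
KEYS = {"alice": b"demo-key-alice", "bob": b"demo-key-bob"}
GENESIS = "0" * 64
FIELDS = ("seq", "actor", "action", "object", "sha256", "prev")

def canonical(rec):
    """Stable byte encoding of the fields covered by the MAC."""
    return json.dumps({k: rec[k] for k in FIELDS}, sort_keys=True).encode()

def link(rec):
    """Hash that the next record must carry in its 'prev' field."""
    return hashlib.sha256(canonical(rec) + rec["mac"].encode()).hexdigest()

def append(log, actor, action, obj, data):
    """Record who did what to which object, bound to the object's content hash."""
    rec = {"seq": len(log), "actor": actor, "action": action, "object": obj,
           "sha256": hashlib.sha256(data).hexdigest(),
           "prev": link(log[-1]) if log else GENESIS}
    rec["mac"] = hmac.new(KEYS[actor], canonical(rec), hashlib.sha256).hexdigest()
    log.append(rec)
    return rec

def verify(log):
    """Return the index of the first inconsistent record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        key = KEYS.get(rec["actor"])
        if key is None or rec["seq"] != i or rec["prev"] != prev:
            return i
        good = hmac.new(key, canonical(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, rec["mac"]):
            return i
        prev = link(rec)
    return -1

def history(log, obj):
    """Ancestry of one object: ordered (actor, action, content hash) tuples."""
    return [(r["actor"], r["action"], r["sha256"]) for r in log if r["object"] == obj]

def sample_log():
    """Constructed sample: two users touching one cloud object."""
    log = []
    append(log, "alice", "create", "bucket/report.pdf", b"v1")
    append(log, "bob", "modify", "bucket/report.pdf", b"v2")
    append(log, "alice", "modify", "bucket/report.pdf", b"v3")
    return log
```

Because HMAC keys are shared with the verifier, this gives integrity and attribution only against parties who do not hold the keys; per-user digital signatures would be needed for non-repudiation.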
III. TECHNICAL BACKGROUND
A. Traditional Digital Forensics
The notion of Digital Forensics is widely known as the practice of identifying, extracting and considering evidence from digital media. Unfortunately, digital evidence is both fragile and volatile and therefore requires the attention of special personnel and methods in order to ensure that evidence data can be properly isolated and evaluated. Normally, the process of a digital investigation can be separated into three different steps, each having its own specific purpose:
1) In the Securing Phase, the major intention is the preservation of evidence for analysis. The data has to be collected in a manner that maximizes its integrity. This is normally done by a bitwise copy of the original media. As can be imagined, this represents a huge problem in the field of cloud computing where you never know exactly where your data is and additionally do not have access to any physical hardware. However, the snapshot technology, discussed in section IV-B3, provides a powerful tool to freeze system states and thus makes digital investigations, at least in IaaS scenarios, theoretically possible.
2) We refer to the Analyzing Phase as the stage in which the data is sifted and combined. It is in this phase that the data from multiple systems or sources is pulled together to create as complete a picture and event reconstruction as possible. Especially in distributed system infrastructures, this means that bits and pieces of data are pulled together for deciphering the real story of what happened and for providing a deeper look into the data.
3) Finally, at the end of the examination and analysis of the data, the results of the previous phases will be reprocessed in the Presentation Phase. The report, created in this phase, is a compilation of all the documentation and evidence from the analysis stage. The main intention of such a report is that it contains all results, it is complete and clear to understand. Apparently, the succes