Digital Forensic Technologies for Introspection of Cloud Computing Platform

A special issue of Energies (ISSN 1996-1073). This special issue belongs to the section "A1: Smart Grids and Microgrids".

Deadline for manuscript submissions: closed (30 June 2021) | Viewed by 7446

Special Issue Editor


Guest Editor
Department of Computer and Information Security, Sejong University, (05006) 209 NeungDong-ro, Gwangjin-gu, Seoul, Republic of Korea
Interests: digital forensics; cloud computing; virtual machine introspection; cloud forensics analysis

Special Issue Information

Dear Colleagues,

Emerging cloud computing services have led to a paradigm shift enhanced with artificial intelligence, big data, and internet of things technologies. As security incidents targeting the cloud computing platform occur, the paradigm shift brings new risks and challenges in terms of not only security capabilities but also digital investigation. In this direction, digital forensic technologies for cloud computing platforms have gained considerable attention in the field of computer security research. This Special Issue aims to contribute to this research on topics related to introspection of cloud computing platforms and forensic technologies for cloud computing.

Prof. Ki-Woong Park
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Energies is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Forensics for Cloud Computing Platforms
  • Memory forensics for hypervisors
  • Network forensics for software-defined networks in cloud computing platforms
  • Cloud application forensics
  • Forensics-as-a-service
  • Legal aspect of cloud investigations
  • Case studies related to cloud forensics
  • Current and future trends in cloud forensics
  • Digital evidence search and seizure in the cloud
  • Cloud forensics analysis
  • Incident handling in cloud computing
  • Tools and practices in cloud forensics
  • Challenges of cloud forensics
  • Cybercrime investigation in cloud computing

Published Papers (3 papers)

Research

20 pages, 330 KiB  
Article
Locked Deduplication of Encrypted Data to Counter Identification Attacks in Cloud Storage Platforms
by Taek-Young Youn, Nam-Su Jho, Keonwoo Kim, Ku-Young Chang and Ki-Woong Park
Energies 2020, 13(11), 2742; https://0-doi-org.brum.beds.ac.uk/10.3390/en13112742 - 29 May 2020
Cited by 1 | Viewed by 1809
Abstract
Deduplication of encrypted data is a significant function for both the privacy of stored data and efficient storage management. Several deduplication techniques have been designed to provide improved security or efficiency. In this study, we focus on the client-side deduplication technique, which has more advantages than the server-side deduplication technique, particularly in communication overhead, owing to conditional data transmissions. From a security perspective, poison, dictionary, and identification attacks are considered as threats against client-side deduplication. Unfortunately, in contrast to other attacks, identification attacks and the corresponding countermeasures have not been studied in depth. In identification attacks, an adversary tries to identify the existence of a specific file. Identification attacks should be countered because adversaries can use the attacks to break the privacy of the data owner. Therefore, in the literature, some counter-based countermeasures have been proposed as temporary remedies for such attacks. In this paper, we present an analysis of the security features of deduplication techniques against identification attacks and show that the lack of security of the techniques can be eliminated by providing uncertainness to the conditional responses in the deduplication protocol, which are based on the existence of files. We also present a concrete countermeasure, called the time-locked deduplication technique, which can provide uncertainness to the conditional responses by withholding the operation of the deduplication functionality until a predefined time. An additional cost for locking is incurred only when the file to be stored does not already exist in the server’s storage. Therefore, our technique can improve the security of client-side deduplication against identification attacks at almost the same cost as existing techniques, except in the case of files uploaded for the first time.

12 pages, 1064 KiB  
Article
Ghost-MTD: Moving Target Defense via Protocol Mutation for Mission-Critical Cloud Systems
by Jun-Gyu Park, Yangjae Lee, Ki-Wan Kang, Sang-Hoon Lee and Ki-Woong Park
Energies 2020, 13(8), 1883; https://0-doi-org.brum.beds.ac.uk/10.3390/en13081883 - 13 Apr 2020
Cited by 8 | Viewed by 2774
Abstract
Research on various security technologies has been actively underway to protect systems from attackers. However, attackers can secure enough time to reconnoiter and attack the target system owing to its static nature. This develops asymmetric warfare in which attackers outwit defenders. Moving target defense (MTD) technologies, which obfuscate the attack surface by modifying the main properties of the potential target system, have been gaining attention as an active cyber security technology. Particularly, network-based MTD (NMTD) technologies, which dynamically mutate the network configuration information, such as IP and ports of the potential target system, can dramatically increase the time required for an attacker to analyze the system. Therefore, this system defense technology has been actively researched. However, increasing the analysis complexity of the target system is limited in conventional NMTD because the variation of system properties (e.g., IP, port) that can be mutated is restricted by the system configuration environment. Therefore, there is a need for an MTD technique that effectively delays an attacker during the system analysis by increasing the variation of system properties. Additionally, in terms of practicality, minimizing the computational overhead arising by the MTD technology and solving the compatibility problem with existing communication protocols are critical issues that cannot be overlooked. In this study, we propose a technology called Ghost-MTD (gMTD). gMTD allows only the user who is aware of protocol mutation patterns to correctly communicate with the service modules of the server system through protocol mutation using the pre-shared one-time bit sequence. Otherwise, gMTD deceives the attackers who attempt to infiltrate the system by redirecting their messages to a decoy-hole module. 
The experimental results show that the proposed technology enables protocol mutation and validation with a very low performance overhead of only 3.28% to 4.97% using an m-bit (m ≥ 4) length one-time bit sequence and can be applied to real systems regardless of the specific communication protocols.

15 pages, 647 KiB  
Article
Lightweight and Seamless Memory Randomization for Mission-Critical Services in a Cloud Platform
by Joobeom Yun, Ki-Woong Park, Dongyoung Koo and Youngjoo Shin
Energies 2020, 13(6), 1332; https://0-doi-org.brum.beds.ac.uk/10.3390/en13061332 - 13 Mar 2020
Cited by 5 | Viewed by 2122
Abstract
Nowadays, various computing services are often hosted on cloud platforms for their availability and cost effectiveness. However, such services are frequently exposed to vulnerabilities. Therefore, many countermeasures have been invented to defend against software hacking. At the same time, more complicated attacking techniques have been created. Among them, code-reuse attacks are still an effective means of abusing software vulnerabilities. Although state-of-the-art address space layout randomization (ASLR) runtime-based solutions provide a robust way to mitigate code-reuse attacks, they have fundamental limitations; for example, the need for system modifications, and the need for recompiling source codes or restarting processes. These limitations are not appropriate for mission-critical services because a seamless operation is very important. In this paper, we propose a novel ASLR technique to provide memory rerandomization without interrupting the process execution. In addition, we describe its implementation and evaluate the results. In summary, our method provides a lightweight and seamless ASLR for critical service applications.