Abstract
Cloud forensics assist investigators on solving cloud-based cyber-crimes. Although investigators use forensic methods and tools to cope with incidents, there are other aspects that put barriers to the whole investigation process. One of these aspects is the way cloud services are designed and implemented. Software engineers are responsible for the design and implementation of them but in many cases, cloud services are not designed nor implemented as cloud forensic-enabled, introducing issues to the outcome of the potential investigation. To design cloud services capable of assisting investigators to solve an incident is a challenge. To overcome this issue, in this paper we present a requirements engineering framework to support software engineers in the elicitation of forensic requirements and the design of forensic-enabled cloud services. The framework considers a set of cloud forensic constraints and a modelling language for the successful collaboration of them with the rest of the requirements engineering concepts. The main advantage of the proposed model is the correlation of cloud services’ characteristics with the cloud investigation while providing software engineers the ability to de-sign and implement cloud forensic-enabled services via the use of process patterns.
References
Simou, S., Kalloniatis, C., Mouratidis, H., Gritzalis, S.: Towards a model-based framework for forensic-enabled cloud information systems. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds.) TrustBus 2016. LNCS, vol. 9830, pp. 35–47. Springer, Cham (2016). doi:10.1007/978-3-319-44341-6_3
Simou, S., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Cloud forensics: identifying the major issues and challenges. In: Jarke, M., Mylopoulos, J., Quix, C., Rolland, C., Manolopoulos, Y., Mouratidis, H., Horkoff, J. (eds.) CAiSE 2014. LNCS, vol. 8484, pp. 271–284. Springer, Cham (2014). doi:10.1007/978-3-319-07881-6_19
Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: NIST cloud computing reference architecture. NIST Special Publication, vol. SP 500-292, p. 35 (2011)
Cloud Accountability Project. http://www.a4cloud.eu/cloud-accountability. Accessed Mar 2017
Newcombe, L.: Securing Cloud Services: A Pragmatic Approach to Security Architecture in the Cloud. IT Governance Publishing, UK (2012)
NIST Cloud Computing Security Working Group: NIST cloud computing security reference architecture, Working document. NIST, vol. Draft SP 500-299, p. 204 (2013)
Catteddu, D., Felici, M., Hogben, G., Holcroft, A., Kosta, E., Leenes, R., Millard, C., Niezen, M., Nuñez, D., Papanikolaou, N., Pearson, S.: Towards a model of accountability for cloud computing services. In: Paper Presented at the Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (2013)
Zawoad, S., Hasan, R.: A trustworthy cloud forensics environment. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2015. IAICT, vol. 462, pp. 271–285. Springer, Cham (2015). doi:10.1007/978-3-319-24123-4_16
Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud Forensics. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2011. IAICT, vol. 361, pp. 35–46. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24212-0_3
Ruan, K., Carthy, J.: Cloud forensic maturity model. In: Rogers, M., Seigfried-Spellar, Kathryn C. (eds.) ICDF2C 2012. LNICST, vol. 114, pp. 22–41. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39891-9_2
Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stand. Interfaces 36(4), 759–775 (2014)
Chang, C., Ramachandran, M.: Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Serv. Comput. 9(1), 138–151 (2016)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008)
Shei, S., Kalloniatis, C., Mouratidis, H., Delaney, A.: Modelling secure cloud computing systems from a security requirements perspective. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds.) TrustBus 2016. LNCS, vol. 9830, pp. 48–62. Springer, Cham (2016). doi:10.1007/978-3-319-44341-6_4
Simou, S., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Cloud forensics solutions: a review. In: Iliadis, L., Papazoglou, M., Pohl, K. (eds.) CAiSE 2014. LNBIP, vol. 178, pp. 299–309. Springer, Cham (2014). doi:10.1007/978-3-319-07869-4_28
Simou, S., Kalloniatis, C., Gritzalis, S., Mouratidis, H.: A survey on cloud forensics challenges and solutions. Secur. Commun. Netw. 9(18), 6285–6314 (2016)
Kavakli, E., Kalloniatis, C., Loucopoulos, P., Gritzalis, S.: Incorporating privacy requirements into the system design process: the PriS conceptual framework. Internet Res. 16(2), 140–158 (2006)
ENISA: Cloud computing incident reporting: framework for reporting about major cloud security incidents (2013)
Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. NIST Special Publication, vol. SP 800-86, p. 121 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Simou, S., Kalloniatis, C., Gritzalis, S. (2017). Modelling Cloud Forensic-Enabled Services. In: Lopez, J., Fischer-HĂĽbner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science(), vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-64483-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64482-0
Online ISBN: 978-3-319-64483-7
eBook Packages: Computer ScienceComputer Science (R0)