This document summarizes Asif Imran's research presentation on developing an effective provenance model from system logs to improve cloud data forensics. The presentation discusses proposing research on this topic, existing provenance research works, and background on cloud provenance detection. It also describes the experimental environment involving OpenStack components that will be used to test provenance detection in the cloud. The overall goal is to derive a provenance model from system logs that can ensure improved management of cloud data forensics.

1. Research Supervisor: Dr. Kazi Sakib
Associate Professor and BIT Program Chair, IIT, DU
Asif Imran :BIT0119
Provenance Research presentation 1

2. • Proposed Research
• Existing Research Work
• Cloud Provenance Detection: Background
Study
• Experimental Environment
Provenance Research presentation 2

3. How can an effective provenance model from
system logs be derived that will ensure improved
management of cloud data forensics?
Provenance Research presentation 3

4. Provenance Research presentation 4

5. Existing Research
Provenance Research presentation 5

6.  Provenance Detection: Scientific Workflows
[1], [2], [3], [4]
 Accountability as a Service (AaaS) [5], [6],
[7]
 Hidden Provenance information [8]
Provenance Research presentation 6

7.  Cloud Security Alliance (CSA) [9], [10]
◦ Abuse and nefarious use of cloud computing
◦ Insecure application programming interfaces
◦ Malicious insiders
◦ Data loss and leakages
◦ Unknown risk profile
Provenance Research presentation 7

8.  Provenance for secure cloud administration:
limited availability
 System, file-centric provenance data
capturing: limited extent
Provenance Research presentation 8

9.  Log-based provenance detection: minimal
effort
 Provenance storage and representation
Provenance Research presentation 9

10. Cloud Provenance:
Background Study
Provenance Research presentation 10

11. Service Reason of Failure (Assumed) Duration
Amazon S3 Authentication mechanisms overloaded by 2 hours
remote attacks (no action taken)
Google Error from the end of the maintenance 4.6 hours
AppEngine engineer’s program (no action taken)
Gmail The contact list mechanism crashed (tested 1.4 hours
for bugs)
Provenance Research presentation 11

12. Provenance Research presentation 12

13. Provenance Research presentation 13

14.  Cloud Environment
 Network Infrastructure
 Database Management System
 Servers
Provenance Research presentation 14

15. Experimental Environment for
Cloud Provenance Detection
Provenance Research presentation 15

16. Server Hardware
Cloud Controller node which runs the following: Processor: 64-bit x86
Network, Memory: 16 GB RAM
Volume Disk space: 1900 GB (SATA or SAS or SSD)
API Volume storage: 100 GB (SATA) for volumes attached to the
Scheduler compute nodes
Image services Network: one 1 GB Network Interface Card
(NIC) minimum
Compute node which runs the following: Processor: 64-bit x86
Virtual instances Memory: 16 GB RAM (32 GB minimum)
System log information Disk space: 2 TB GB (SATA)
Communication with the Compute Network: two 1 GB NICs
Provenance Research presentation 16

17.  Compute
 Nova-Network
 Nova-Scheduler
 Glance
Provenance Research presentation 17

18. Glance
Keystone
Nova
Provenance Research presentation 18

19. Images: Windows,
CentOS
Provenance Research presentation 19

20. Provenance Research presentation 20

21.  [1] A. Haeberlen, ―A case for the accountable cloud,‖ ACM SIGOPS, Operating
Systems Review, vol. 44, no. 2, 2010, pp. 52-57.
 [2] S. Pearson and A. Benameur, ―Privacy, Security and Trust Issues Arising from
Cloud Computing,‖ Proc. The 2nd International Conference on Cloud Computing
2010, IEEE, 2010, pp. 693-702.
 [3] M. Vouk, ―Cloud computing—Issues, research and implementations,‖ Proc. 30th
International Conference on Information Technology Interfaces, 2008 (ITI 2008)
IEEE, 2008, pp. 31-40.
 [4] S.B. Davidson, S. Khanna, S. Roy, J. Stoyanovich, V. Tannen and Y. Chen, ―On
provenance and privacy,‖ Proc. Proceedings of the 14th International Conference on
Database Theory (ICDT), ACM, 2011, pp. 3-10.
 [5] J. Yao, S. Chen, C. Wang, D. Levy and J. Zic, ―Accountability as a Service for the
Cloud,‖ Proc. IEEE Service Computing Conference 2010 (SCC 2010), IEEE, 2010, pp.
81-88.
 [6] J. Wei, X. Zhang, G. Ammons, V. Bala and P. Ning, ―Managing security of virtual
machine images in a cloud environment,‖ ACM, 2009, pp. 91-96.
Provenance Research presentation 21

22.  [7] W.Z.P. Ning, X.Z.G. Ammons, R. Wang and V. Bala, ―Always Upto- date–Scalable Offline
Patching of VM Images in a Compute Cloud,‖ IBM Technical Papers, no. RC24956, 2010.
 [8] R.K.L. Ko, B.S. Lee and S. Pearson, ―Towards Achieving Accountability, Auditability and
Trust in Cloud Computing,‖ Proc. International workshop on Cloud Computing: Architecture,
Algorithms and Applications (CloudComp2011), Springer, 2011, pp. 5.
 [9] Cloud Security Alliance, ―Top Threats to Cloud Computing (V1.0),‖ 2010;
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
 [10] J. Brodkin, ―Gartner: Seven cloud-computing security risks,‖ Infoworld, 2008, pp. 1–3.
 [11] W. Zhou, M. Sherr, T. Tao, X. Li, B.T. Loo and Y. Mao, ―Efficient querying and
maintenance of network provenance at internet-scale,‖ Proc. 2010 International Conference
on Management of Data (SIGMOD 2010), ACM, 2010, pp. 615-626.
 [12] M. Mowbray, S. Pearson and Y. Shen, ―Enhancing privacy in cloud computing via
policy-based obfuscation,‖ The Journal of Supercomputing, 2010, pp. 1-25.
 [13] ―OpenStack Compute Administration Guide‖ 2011
Provenance Research presentation 22

23. (asifimran33@gmail.com)
Provenance Research presentation 23