Kechadi, Tahar
Preferred name: Kechadi, Tahar
Official Name: Kechadi, Tahar
Research Output
Now showing 1 - 7 of 7
- Publication: Reference Architecture for a Cloud Forensic Readiness System (2014)
  The Digital Forensic science is participating to a brand new change represented by the management of incidents in the Cloud Computing Services. Due that the Cloud Computing architecture is uncontrollable because of some specific features, its use to commit crimes is becoming a very critical issue, too. Proactive Cloud Forensics becomes a matter of urgency, due to its capability of collecting critical data before crimes happen, thus saving time and money for the subsequent investigations. In this paper, a proposal for a Cloud Forensic Readiness System is presented. It is conceived as reference architecture, in order to be of general applicability, not technically constrained by any Cloud architecture. The principal aim of this work is to extend our initial proposed Cloud Forensic Readiness System reference architecture, by providing more details and an example of its application by exploiting the Open Stack Cloud Platform.
- Publication: Overview of the Forensic Investigation of Cloud Services
  Cloud Computing is a commonly used, yet ambiguous term, which can be used to refer to a multitude of differing dynamically allocated services. From a law enforcement and forensic investigation perspective, cloud computing can be thought of as a double edged sword. While on one hand, the gathering of digital evidence from cloud sources can bring with it complicated technical and cross-jurisdictional legal challenges. On the other, the employment of cloud storage and processing capabilities can expedite the forensics process and focus the investigation onto pertinent data earlier in an investigation. This paper examines the state-of-the-art in cloud-focused, digital forensic practises for the collection and analysis of evidence and an overview of the potential use of cloud technologies to provide Digital Forensics as a Service.
  Scopus© Citations 28 914
- Publication: A New Distributed Chinese Wall Security Policy Model (Association of Digital Forensics, Security and Law, 2016)
  The application of the Chinese wall security policy model (CWSPM) to control the information flows between two or more competing and/or conflicting companies in cloud computing (Multi-tenancy) or in the social network, is a very interesting solution. The main goal of the Chinese Wall Security Policy is to build a wall between the datasets of competing companies, and among the system subjects. This is done by the applying to the subjects mandatory rules, in order to control the information flow caused between them. This problem is one of the hottest topics in the area of cloud computing (as a distributed system) and has been attempted in the past; however the proposed solutions cannot deal with the composite information flows problem (e.g., a malicious Trojan horses problem), caused by the writing access rule imposed to the subject on the objects. In this article, we propose a new CWSP model, based on the access query type of the subject to the objects using the concepts of the CWSP. We have two types of walls placement, the first type consists of walls that are built around the subject, and the second around the object. We cannot find inside each once wall two competing objects data. We showed that this mechanism is a good alternative to deal with some previous models limitations. The model is easy to implement in a distributed system (as Cloud-Computing). It is based on the technique of Object Oriented Programming (Can be used in Cloud computing Software as a service SaaS) or by using the capabilities as an access control in real distributed system.
- Publication: BitTorrent Sync: Network Investigation Methodology
  The volume of personal information and data most Internet users find themselves amassing is ever increasing and the fast pace of the modern world results in most requiring instant access to their files. Millions of these users turn to cloud based file synchronisation services, such as Dropbox, Microsoft Skydrive, Apple iCloud and Google Drive, to enable 'always-on' access to their most up-to-date data from any computer or mobile device with an Internet connection. The prevalence of recent articles covering various invasion of privacy issues and data protection breaches in the media has caused many to review their online security practices with their personal information. To provide an alternative to cloud based file backup and synchronisation, BitTorrent Inc. released an alternative cloudless file backup and synchronisation service, named BitTorrent Sync to alpha testers in April 2013. BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over two million active users by the end of the year. This paper outlines a number of scenarios where the network investigation of the service may prove invaluable as part of a digital forensic investigation. An investigation methodology is proposed outlining the required steps involved in retrieving digital evidence from the network and the results from a proof of concept investigation are presented.
  Scopus© Citations 13 433
- Publication: Towards Automatic Service Level Agreements Information Extraction (SCITEPRESS – Science and Technology Publications, 2016-04-25)
  Information systems and computing capabilities are delivered through the Internet in the form of services; they are regulated by a Service Level Agreement (SLA) contract co-signed by a generic Application Service Provider (ASP) and the end user(s), as happens for instance in the cloud. In such a type of contract several clauses are established; they concern the level of the services to guarantee, also known as quality of service (QoS) parameters, and the penalties to apply in case the requirements are not met during the SLA validity time, among others. SLA contracts use legal jargon, indeed they have legal validity in case of court litigation between the parties. A dedicated contract management facility should be part of the service provisioning because of the contractual importance and contents. Some work in literature about these facilities rely on a structured language representation of SLAs in order to make them machine-readable. The majority of these languages are the result of private stipulation between private industries and not available for public services where SLAs are expressed in common natural language instead. In order to automate the SLAs management, the first step is to recognise the documents. In this paper an investigation towards SLAs text recognition is presented; the proposal is driven by an analysis of the contractual contents necessary to be automatically extracted in order to facilitate possible criminal investigations.
  Scopus© Citations 2 339
- Publication: A Trusted Way for Encryption Key Management in Cloud Computing
  We propose an approach to provide the cryptography key management system (CKMS) as a trusted security services in Cloud Computing, based on the trusted platform module (TPM / vTPM). In this approach we have used the TPMs capabilities / functions as a secure way and a root of trust for this kind of services. Therefore, and as an application case, we have used TPMs key generation component as a trusted way to generate and to sign an encryption/signing keys by the CKMS for their customers.
  Index Terms: Cloud Computing, Security as a Services, Cryptographic Key Management System, Trusted Platform.
- Publication: Digital Forensic Investigations in the Cloud: A Proposed Approach for Irish Law Enforcement (2015-01-28)
  Cloud computing offers utility oriented Information and Communications Technology (ICT) services to users all over the world. The evolution of Cloud computing is driving the design of data centres by architecting them as networks of virtual services; this enables users to access and run applications from anywhere in the world. Cloud computing offers significant advantages to organisations through the provision of fast and flexible ICT hardware and software infrastructures, thus enabling organisations to focus on creating innovative business values for the services they provide. As the prevalence and usage of networked Cloud computer systems increases, logically the likelihood of these systems being used for criminal behaviour also increases. Thus, this new computing evolution has a direct effect on, and creates challenges for, digital forensic practitioners working in Irish law enforcement. The field of digital forensics has grown rapidly over the last decade due to the rise of the internet and associated crimes; however while the theory is well established, the practical application of the discipline is still new and developing. Law enforcement agencies can no longer rely on traditional digital forensic methods of data acquisition through device seizure to gather relevant evidence pertaining to an investigation. Using traditional digital forensic methods will lead to the loss of valuable evidential material if employed during investigations which involve Cloud based infrastructures. Cloud computing and its impact on digital forensics will continue to grow. This paper analyses traditional digital forensics methods and explains why these are inadequate for Cloud forensic investigations with particular focus on Irish law enforcement agencies. In this paper, we do a survey on approaches to digital forensics of Irish Law Enforcement Agencies for cloud based investigations and we propose a digital forensic framework approach to acquiring data from Cloud environments. This proposed approach aims to overcome the limitations of traditional digital forensics and the challenges Cloud computing presents for digital forensic practitioners working in Irish law enforcement.