Now showing 1 - 6 of 6
  • Publication
    A Cloud Forensic Readiness Model for Service Level Agreements Management
    (Academic Conferences and Publishing International Limited, 2015-07-03) ; ;
    Cloud computing is increasingly becoming a target of cyber-criminal attacks. Often the committedcrimes violate the Service Level Agreement (SLA) contracts, which must be respected by all the involvedparties. Cloud Forensics is a branch of Digital Forensic discipline dealing with crimes involving the Cloud. Amanner for leveraging some of the attacks is the provisioning of a Forensic Readiness capability, by performingsome activities before the crimes happen. In this paper we introduce a model aimed to represent themanagement of SLAs through a cloud system.
      395
  • Publication
    SLAFM: A Service Level Agreements Formal Model for Cloud Computing
    Cloud Computing services are regulated by a contract called Service Level Agreement (SLA). They are cosigned between the customers and the providers after a negotiation phase, and during their validity time several constraints have to be respected by the involved parties. Due to their popularity, cloud services are enormously used and unfortunately also abused, specially by cyber-criminals. Sometimes the crimes have the consequence of violating some contractual constraints without the parties are aware of. A manner for guaranteeing more control of the SLA respect is to consider a dedicated system interacting with the cloud services and detecting the SLA violations by analysing the log files. Our proposal will introduce a formal model aimed to represent the contents of such SLAs with rules in the context of an automatic mechanism for detecting SLA violations.
      158
  • Publication
    Towards Automatic Service Level Agreements Information Extraction
    (SCITEPRESS – Science and Technology Publications, 2016-04-25) ; ; ;
    Information systems and computing capabilities are delivered through the Internet in the form of services; they are regulated by a Service Level Agreement (SLA) contract co-signed by a generic Application Service Provider (ASP) and the end user(s), as happens for instance in the cloud. In such a type of contract several clauses are established; they concern the level of the services to guarantee, also known as quality of service (QoS) parameters, and the penalties to apply in case the requirements are not met during the SLA validity time, among others. SLA contracts use legal jargon, indeed they have legal validity in case of court litigation between the parties. A dedicated contract management facility should be part of the service provisioning because of the contractual importance and contents. Some work in literature about these facilities rely on a structured language representation of SLAs in order to make them machine-readable. The majority of these languages are the result of private stipulation between private industries and not available for public services where SLAs are expressed in common natural language instead. In order to automate the SLAs management, the first step is to recognise the documents. In this paper an investigation towards SLAs text recognition is presented; the proposal is driven by an analysis of the contractual contents necessary to be automatically extracted in order to facilitate possible criminal investigations.
    Scopus© Citations 2  337
  • Publication
    Formalization of SLAs for Cloud Forensic Readiness
    Cloud Computing is one of the most pervasive ICT changes of the last few years. Usually, Clouds offer a variety of Services, which are accessible over the Internet. These Services are regulated by some contracts called Service Level Agreements between Service providers and customers. The SLAs have already been introduced in Service Oriented Architectures in situations where some computing services need to be structured and regulated. In an SLA, the constraints of use, the duties and responsibilities of the parties involved, the charges and the service levels to guarantee, etc., are clearly stated by dedicated clauses. Despite the efforts made in systems security and the standardisation of SLAs, Cloud Services continues to suffer from various cybercriminal attacks, and unfortunately this phenomenon is likely to escalate within the next few years. It becomes urgent to take some countermeasures against these illegal practices to increase both the customer trust and quality of services of such new technologies. One of the alternatives for this phenomenon is to provide an efficient cloud Forensic Readiness System (FRS) to prevent and alert the provider and/or customer of any suspect attacks or strange behaviour. Much attention has been given to FRSs and they have certainly moved from simple log files and monitoring to very sophisticated components involving both human experts and computer analysis tools. In this paper we study the effect of SLAs on FRSs. As SLAs may be different from one jurisdiction to another we believe that FRSs should also comply with jurisdiction for more efficiency and speed of isolating and resolving forensic cases. Therefore, we propose an FRS that takes into account automatically SLAs and issue warnings and alerts to its users (providers and consumers) based on the jurisdiction and the nature of security breach and attacks. These SLAs are presented to the system as a set of rules (clauses). This will also prevent illegal data transfers and communications among different jurisdictions. Part of this paper will be dedicated to the formalisation of these SLAs and study its consequences on the FRS architecture and functioning. The rest of the paper will be dedicated to the design and development of the FRS reference architecture integrating the proposed SLA formal model.
      1211
  • Publication
    Forensic readiness capability for cloud computing
    (University College Dublin. School of Computer Science  , 2015) ; ;
    Cloud computing services represent the actual computation delivery to the mostof customer communities. Such services are regulated by a contract called ServiceLevel Agreement (SLA), cosigned between customers and providers. During itsvalidity time several contractual constraints have to be respected by the involvedparties. Due to their popularity, cloud services are enormously used and unfortunatelyalso abused, especially by cyber-criminals. A manner for guaranteeing andenhancing cloud service security is the provisioning of a forensic readiness capabilityto them. Such a capability is responsible to perform some activities aimed toprepare the services for a possible forensic investigation. Sometimes, the crimesare related to some contractual constraint violations without the parties are awareof. Thus, a dedicated forensic readiness capability interacting with cloud servicesand detecting the SLA violations by analysing some cloud log files can guaranteemore control on such contracts. In this dissertation, a formal model aimed torepresent a forensic readiness capability for the cloud that detects contractual violationsis presented, together with a prototype system running on a specific casestudy.
      700
  • Publication
    Reference Architecture for a Cloud Forensic Readiness System
    The Digital Forensic science is participating to a brand new change represented by the management of incidents in the Cloud Computing Services. Due that the Cloud Computing architecture is uncontrollable because of some specific features,its use to commit crimes is becoming a very critical issue, too. Proactive Cloud Forensics becomes a matter of urgency, due to its capability of collecting critical data before crimes happen, thus saving time and money for the subsequent investigations. In this paper, a proposal for a Cloud Forensic Readiness System is presented. It is conceived as reference architecture, in order to be of general applicability, not technically constrained by any Cloud architecture. The principal aim of this work is to extend our initial proposed Cloud Forensic Readiness System reference architecture, by providing more details and an example of its application by exploiting the Open Stack Cloud Platform.
      1821