Showing 1–3 of 3 results for author: Weir, G R S

Cloud Security and Security Challenges Revisited

Authors: Fabian Süß, Marco Freimuth, Andreas Aßmuth, George R. S. Weir, Bob Duncan

Abstract: In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet- and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered as an established and well-accepted technology and no longer as… ▽ More In recent years, Cloud Computing has transformed local businesses and created new business models on the Internet- and Cloud services are still flourishing. But after the emphatic hype in the early years, a more realistic perception of Cloud services has emerged. One reason for this surely is that today, Cloud Computing is considered as an established and well-accepted technology and no longer as a technical novelty. But the second reason for this assessment might also be numerous security issues that Cloud Computing in general or specific Cloud services have experienced since then. In this paper, we revisit attacks on Cloud services and Cloud-related attack vectors that have been published in recent years. We then consider successful or proposed solutions to cope with these challenges. Based on these findings, we apply a security metric in order to rank all these Cloud-related security challenges concerning their severity. This should assist security professionals to prioritize their efforts toward addressing these issues. △ Less

Submitted 18 May, 2024; originally announced May 2024.

Comments: 6 pages

Journal ref: Proc of the 10th International Conference on Cloud Computing, GRIDs, and Virtualization (Cloud Computing 2019), Venice, Italy, May 2019, pp. 61-66, ISSN 2308-4294

Managing Forensic Recovery in the Cloud

Authors: George R. S. Weir, Andreas Aßmuth, Nicholas Jäger

Abstract: As organisations move away from locally hosted computer services toward Cloud platforms, there is a corresponding need to ensure the forensic integrity of such instances. The primary reasons for concern are (i) the locus of responsibility, and (ii) the associated risk of legal sanction and financial penalty. Building upon previously proposed techniques for intrusion monitoring, we highlight the mu… ▽ More As organisations move away from locally hosted computer services toward Cloud platforms, there is a corresponding need to ensure the forensic integrity of such instances. The primary reasons for concern are (i) the locus of responsibility, and (ii) the associated risk of legal sanction and financial penalty. Building upon previously proposed techniques for intrusion monitoring, we highlight the multi-level interpretation problem, propose enhanced monitoring of Cloud-based systems at diverse operational and data storage level as a basis for review of historical change across the hosted system and afford scope to identify any data impact from hostile action or 'friendly fire'. △ Less

Submitted 10 May, 2024; originally announced May 2024.

Comments: 6 pages

Journal ref: Proc of the 9th International Conference on Cloud Computing, GRIDs, and Virtualization (Cloud Computing 2018), Barcelona, Spain, February 2018, pp. 45-50, ISSN 2308-4294

Strategies for Intrusion Monitoring in Cloud Services

Authors: George R. S. Weir, Andreas Aßmuth

Abstract: Effective activity and event monitoring is an essential aspect of digital forensic readiness. Techniques for capturing log and other event data are familiar from conventional networked hosts and transfer directly to the Cloud context. In both contexts, a major concern is the risk that monitoring systems may be targeted and impaired by intruders seeking to conceal their illicit presence and activit… ▽ More Effective activity and event monitoring is an essential aspect of digital forensic readiness. Techniques for capturing log and other event data are familiar from conventional networked hosts and transfer directly to the Cloud context. In both contexts, a major concern is the risk that monitoring systems may be targeted and impaired by intruders seeking to conceal their illicit presence and activities. We outline an approach to intrusion monitoring that aims (i)~to ensure the credibility of log data and (ii)~provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired. △ Less

Submitted 3 May, 2024; originally announced May 2024.

Comments: 5 pages

Journal ref: Proc of the 8th International Conference on Cloud Computing, GRIDs, and Virtualization (Cloud Computing 2017), Athens, Greece, February 2017, pp. 49-53, ISSN 2308-4294