Security Issues and Privacy Concerns in Industry 4.0 Applications - Группа авторов

Скачать книгу

CSP. The factor which we assume here is that we can only trust the cloud provider and the IT infrastructure, whereas cloud users’ VMs are untrusted. However, the behavior of a virtual machine needs to be modified for secure M2M communication; a malicious attacker manipulates data (gains access to the user’s virtual machine). Therefore, we do not collect forensics data while the process is running on the user virtual machine rather than apply forensics investigation directly. The virtualized cloud infrastructure guarantees virtual machine isolation [28]; it is completely clear that the attacker does not access other VMs itself or VMM running on the same physical host.

      Several types of research have been published that relate the situation of the trust in the cloud infrastructure, justified through a technical mechanism. Susan F. Crowell says [30] regarding the VMs trust, for virtual machine trust isolation in an IaaS cloud environment, embodiments of the invention monitor level of suspicious activities on the particular virtual machine using embedded node agents. Crowell addresses the critical problems of VMs over the cloud, for example, to create a trustworthy cloud infrastructure by designing a security audit system: verify clients’ data confidentiality and integrity [32], measure virtual machines root-of-trust [31], enforce by a technical mechanism not only by Service Level Agreements (SLAs) contracts.

      In this section, we describe the purpose of an individual process-layer; the first process-layer is the collection of data or data collection layer, in which overall data is captured. The control manager interacts with the data collection and decides when to start or stop the data capturing process. The data collection coordinates with the migration of VM in the cloud environment and the control manager simultaneously collects data traffic of VM migration. On the next process-layer is the separation or filtration; the actual task of the process-layer is to filter captured data by cloud user. The main advantage is that each set of data maintains data accordingly to the single cloud users. Additionally, separation can compress user-specific collected data; reduce the size, and filtering forensically network data traffic.

      In the third process-layer, the accumulator or aggregate layer deals with the adds data from multiple sources of a single cloud user. The cloud user utilizes resources from distinct physical locations such as load balancing then the accumulator collects all data from multiple source location. Furthermore, this layer helps to collaborate with all the network data into a single set. The fourth layer is data analysis, analysis of the preprocessed data set for the detailed investigation. The control manager configures the complete transmission from data capture to the accumulation layer, analysis process-layer is run as a cloud service in the cloud environment. The last process-layer is documentation, which presents the analysis results and consequence to tackle the entire security threats.

Name of network forensics process-layer Task description
The Control Manager Manage cloud infrastructure;An interface configures and controls the forensics process;Authorize forensics request;Target cloud users VMs;Delegate to a third party.
Data Collection/Collection of Data Execute on the local VM;Monitor physical host;Collect network traffic at the VMM level;For an update, dynamically reconfigure;Start/stop data collection.
Separation/Filtration Filtering data individual cloud user;Investigate distinct nodes on the particular physical host;All forensics investigations independently investigated;Separate datasets to a single cloud user;Filtering and reduce the network traffic size;Monitor specifically cloud users;The proposed architecture uses VMs lookup table;Filtering ID, Mac addresses for further investigation.
Accumulator/Aggregation Filtration process-layer provides data;Collect data;Capture from the several locations;Combine data.
Analyzation Potentially support multiple possibilities;Transfer the accumulator layer output to the investigator;A user of the cloud deploy analysis as a cloud service;Run analysis on the cloud.
Documentation Produce a report on the basis of analysis results;Presentation of analysis outcomes.

      In this section, we have implemented the model of the prototype architecture described in section 2.2. In the implementation phase, we extend some crucial components that are usable for network forensics investigation on the cloud environment; the prototype implementation of the proposed architecture assumption are as follows:

       An account of individual cloud user VMs managed by CSP;

       Cloud users able to run/stop the process of data collection for forensics investigation;

       Monitor the VMs for cloud security perspective and also ensure the M2M secure communication;

       Inside the cloud, a web-based system created and used to analyze the collected data.

      In this chapter, we clarify that the users are able to work with the VMs, to change their status individual and also monitor the overall activity parameters of VMs. Our proposed architecture slightly extends the software management for control of network forensics by adding some application programming interface. Using OpenNebula [34, 35], an open-source active community-based cloud management system, it supports more distinct and independent VMMs products. The main objective is to create an interface of analysis tool to capture malicious threats that run as a service in the users’ cloud VMs. In this scenario, NetworkMiner [36] an open-source network forensics analysis framework, helps to analyze collected forensics data within the cloud [38]. The next couple of sections briefly elaborate on the complete mechanism of the OpenNebula and NetworkMiner analysis tool.

      2.3.1 OpenNebula (Hypervisor) Implementation Platform

Скачать книгу