SecLaaS: Secure Logging-as-a-Service for Cloud Forensics

TL;DR

SecLaaS introduces a secure cloud logging service that preserves user privacy and log integrity, facilitating forensic investigations in cloud environments without compromising security.

Contribution

The paper presents SecLaaS, a novel system that ensures confidentiality and integrity of cloud logs for forensic purposes, addressing privacy and trust issues in log sharing.

Findings

Implemented SecLaaS in OpenStack for network logs

Demonstrated feasibility and security of the scheme

Ensured log confidentiality and integrity

Abstract

Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. Analyzing various logs (e.g., process logs, network logs) plays a vital role in computer forensics. Unfortunately, collecting logs from a cloud is very hard given the black-box nature of clouds and the multi-tenant cloud models, where many users share the same processing and network resources. Researchers have proposed using log API or cloud management console to mitigate the challenges of collecting logs from cloud infrastructure. However, there has been no concrete work, which shows how to provide cloud logs to investigator while preserving users' privacy and integrity of the logs. In this paper, we introduce Secure-Logging-as-a-Service (SecLaaS), which stores virtual machines' logs and provides access to forensic investigators ensuring the confidentiality of the cloud users. Additionally, SeclaaS preserves proofs of past log and thus protects the integrity of the logs from dishonest investigators or cloud providers. Finally, we evaluate the feasibility of the scheme by implementing SecLaaS for network access logs in OpenStack - a popular open source cloud platform.