Research Area:  Digital Forensics
In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation. We integrate Chronos with an open-source cloud platform - OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.
Keywords:  
Author(s) Name:  Shams Zawoad; Ragib Hasan
Journal name:  
Conferrence name:  IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)
Publisher name:  IEEE
DOI:  10.1109/COMPSAC.2016.80
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7552045