Research Area: Digital Forensics
Logs are one of the most important pieces of analytical data in a cloud-based service infrastructure. At any point in time, service owners and operators need to understand the status of each infrastructure component for fault monitoring, to assess feature usage, and to monitor business processes. Application developers, as well as security personnel, need access to historic information for debugging and forensic investigations.This paper discusses a logging framework and guidelines that provide a proactive approach to logging to ensure that the data needed for forensic investigations has been generated and collected. The standardized framework eliminates the need for logging stakeholders to reinvent their own standards. These guidelines make sure that critical information associated with cloud infrastructure and software as a service (SaaS) use-cases are collected as part of a defense in depth strategy. In addition, they ensure that log consumers can effectively and easily analyze, process, and correlate the emitted log records. The theoretical foundations are emphasized in the second part of the paper that covers the implementation of the framework in an example SaaS offering running on a public cloud service.While the framework is targeted towards and requires the buy-in from application developers, the data collected is critical to enable comprehensive forensic investigations. In addition, it helps IT architects and technical evaluators of logging architectures build a business oriented logging framework.
Keywords:
Author(s) Name: Raffael Marty
Journal name: SAC -11: Proceedings of the 2011 ACM Symposium on Applied Computing
Conferrence name:
Publisher name: ACM
DOI: 10.1145/1982185.1982226
Volume Information:
