Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance

Bob Duncan, Andreas Happe, Alfred Bratterud

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.
Original languageEnglish
Title of host publicationThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
EditorsBob Duncan
PublisherIARIA
Pages71-76
Number of pages6
ISBN (Print)978-1-61208-607-1
Publication statusPublished - 20 Feb 2018
EventThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization - Barcelon, Spain
Duration: 18 Feb 201822 Feb 2018

Publication series

NameCloud Computing 2018
PublisherIARIA
ISSN (Print)2308-4294

Conference

ConferenceThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
CountrySpain
CityBarcelon
Period18/02/1822/02/18

Fingerprint

Data privacy
Monitoring
Industry
Compliance
European Union

Keywords

  • Cloud forensic problem
  • unikernels
  • EU GDPR
  • compliance

Cite this

Duncan, B., Happe, A., & Bratterud, A. (2018). Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance. In B. Duncan (Ed.), The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization (pp. 71-76). [28012] (Cloud Computing 2018). IARIA.

Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance. / Duncan, Bob; Happe, Andreas; Bratterud, Alfred.

The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. ed. / Bob Duncan. IARIA, 2018. p. 71-76 28012 (Cloud Computing 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Duncan, B, Happe, A & Bratterud, A 2018, Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance. in B Duncan (ed.), The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization., 28012, Cloud Computing 2018, IARIA, pp. 71-76, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization, Barcelon, Spain, 18/02/18.
Duncan B, Happe A, Bratterud A. Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance. In Duncan B, editor, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. IARIA. 2018. p. 71-76. 28012. (Cloud Computing 2018).
Duncan, Bob ; Happe, Andreas ; Bratterud, Alfred. / Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance. The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization. editor / Bob Duncan. IARIA, 2018. pp. 71-76 (Cloud Computing 2018).
@inproceedings{819984b4f8a04a04a580924800bea171,
title = "Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance",
abstract = "IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.",
keywords = "Cloud forensic problem, unikernels, EU GDPR, compliance",
author = "Bob Duncan and Andreas Happe and Alfred Bratterud",
year = "2018",
month = "2",
day = "20",
language = "English",
isbn = "978-1-61208-607-1",
series = "Cloud Computing 2018",
publisher = "IARIA",
pages = "71--76",
editor = "Bob Duncan",
booktitle = "The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization",

}

TY - GEN

T1 - Using Unikernels to Address the Cloud Forensic Problem and help Achieve EU GDPR Compliance

AU - Duncan, Bob

AU - Happe, Andreas

AU - Bratterud, Alfred

PY - 2018/2/20

Y1 - 2018/2/20

N2 - IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.

AB - IT security and privacy is a challenging problem to address, and when cloud is used, there is an exponential increase in the challenge. A particular challenge is the cloud forensic problem, which arises when an attacker succeeds in breaching a cloud system, because one of the first aims is to delete the forensic trail, and there is little to prevent this from happening in cloud. Quite apart from the obvious difficulties this will present to finding out who has breached the system and how they got in, there will now be a far more pressing problem to be dealt with, namely, the forthcoming European Union General Data Protection Regulation. Once a breach has been identified, it is also necessary for the company to report the impact of the breach, to include which records were accessed, modified, deleted, or exfiltrated, on pain of punitive levels of fine. Where the forensic trail has been compromised, this might prove to be a huge challenge to comply with. We propose addressing this problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.

KW - Cloud forensic problem

KW - unikernels

KW - EU GDPR

KW - compliance

M3 - Conference contribution

SN - 978-1-61208-607-1

T3 - Cloud Computing 2018

SP - 71

EP - 76

BT - The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization

A2 - Duncan, Bob

PB - IARIA

ER -