Distributed Cloud Forensic System with Decentralization and Multi-participation

  • Xuanyu Liu
  • Xiao FuEmail author
  • Bin Luo
  • Xiaojiang Du
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 230)


A considerable number of cloud forensic systems and tools have been proposed in recent years. Trust issue of digital evidence, a significant security topic, is indispensable for cloud forensics systems. In this paper, we propose a different cloud forensic system—Distributed Cloud Forensic System with Decentralization and Multi-participation (DCFS). The DCFS is set in an untrusted and multi-tenancy cloud environment, and it is assumed that cloud users, cloud employees, or forensic investigators can be dishonest. The DCFS, which is different from existing centralized cloud forensic systems, is a distributed and decentralized system that does not rely on any single node or any third party to obtain credible evidence from the cloud. Trust is divided into all participants in the DCFS, and these participants supervise each other. A distributed public ledger is maintained in the DCFS, and this ledger records all the proofs of forensic evidence along with other useful information. This ledger can enhance the credibility and integrity of forensic evidence to some degree and complete the chain of custody in forensic investigation. The forensic evidence, which are provided by the cloud employees, presented to the court of law using the DCFS will be more trustful.


Cloud forensics Data provenance Byzantine faults Distributed systems Decentralization Multi-participation 


  1. 1.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. HotCloud 9(9), 3 (2009)Google Scholar
  2. 2.
    Pilkington, M.: Blockchain technology: principles and applications (2015)Google Scholar
  3. 3.
    Lamport, L., Shostak, R., Pease, M.: The Byzantine general problem. ACM Trans. Program. Lang. Syst. (TOPLAS) 4(3), 382–401 (1982)CrossRefGoogle Scholar
  4. 4.
    Moreau, L., Clifford, B., Freire, J., et al.: The open provenance model core specification (v1.1). Future Gener. Comput. Syst. 27(6), 743–756 (2011)CrossRefGoogle Scholar
  5. 5.
    Lee, K.H., Zhang, X., Xu, D.: High accuracy attack provenance via binary-based execution partition. In: NDSS (2013)Google Scholar
  6. 6.
    Lee, K.H., Zhang, X., Xu, D.: LogGC: garbage collecting audit log. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 1005–1016. ACM (2013)Google Scholar
  7. 7.
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). Scholar
  8. 8.
    Castro, M., Liskov, B.: Practical Byzantine fault tolerance. In: OSDI, vol. 99, pp. 173–186 (1999)Google Scholar
  9. 9.
    Bracha, G., Toueg, S.: Asynchronous consensus and broadcast protocols. J. ACM (JACM) 32(4), 824–840 (1985)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Merkel, D.: Docker: lightweight linux containers for consistent development and deployment. Linux J. 2014(239), 2 (2014)Google Scholar
  11. 11.
    Dykstra, J., Sherman, A.T.: Design and implementation of FROST: digital forensic tools for the OpenStack cloud computing platform. Digit. Invest. 10, S87–S95 (2013)CrossRefGoogle Scholar
  12. 12.
    gRPC Homepage.
  13. 13.
    Muniswamy-Reddy, K.K., Holland, D.A., Braun, U., et al.: Provenance-aware storage systems. In: USENIX Annual Technical Conference, General Track, pp. 43–56 (2006)Google Scholar
  14. 14.
    Macko, P., Chiarini, M., Seltzer, M., et al.: Collecting provenance via the Xen Hypervisor. In: TaPP (2011)Google Scholar
  15. 15.
    Gehani, A., Tariq, D.: SPADE: support for provenance auditing in distributed environments. In: Narasimhan, P., Triantafillou, P. (eds.) Middleware 2012. LNCS, vol. 7662, pp. 101–120. Springer, Heidelberg (2012). Scholar
  16. 16.
    Sar, C., Cao, P.: Lineage file system, pp. 411–414 (2005).
  17. 17.
    Pohly, D.J., McLaughlin, S., McDaniel, P., et al.: Hi-Fi: collecting high-fidelity whole-system provenance. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 259–268. ACM (2012)Google Scholar
  18. 18.
    Bates, A.M., Tian, D., Butler, K.R.B., et al.: Trustworthy whole-system provenance for the Linux Kernel. In: Usenix Security, pp. 319–334 (2015)Google Scholar
  19. 19.
    Muniswamy-Reddy, K.K., Braun, U., Holland, D.A., et al.: Layering in provenance systems. In: USENIX Annual Technical Conference (2009)Google Scholar
  20. 20.
    Macko, P., Seltzer, M.A.: General-purpose provenance library. In: TaPP (2012)Google Scholar
  21. 21.
    Carata, L., Sohan, R., Rice, A., et al.: IPAPI: designing an improved provenance API. Presented as Part of the 5th USENIX Workshop on the Theory and Practice of Provenance (2013)Google Scholar
  22. 22.
    Akoush, S., Sohan, R., Hopper, A.: HadoopProv: towards provenance as a first class citizen in MapReduce. In: TaPP (2013)Google Scholar
  23. 23.
    Dietz, M., Shekhar, S., Pisetsky, Y., et al.: QUIRE: lightweight provenance for smart phone operating systems. In: USENIX Security Symposium, vol. 31 (2011)Google Scholar
  24. 24.
    Backes, M., Bugiel, S., Gerling, S., Scippa: system-centric IPC provenance on Android. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 36–45. ACM (2014)Google Scholar
  25. 25.
    Zhou, W., Fei, Q., Narayan, A., et al.: Secure network provenance. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 295–310. ACM (2011)Google Scholar
  26. 26.
    Zawoad, S., Dutta, A.K., Hasan, R.: SecLaaS: secure logging-as-a-service for cloud forensics. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 219–230. ACM (2013)Google Scholar
  27. 27.
    Li, J., Chen, X., Huang, Q., et al.: Digital provenance: enabling secure data forensics in cloud computing. Future Gener. Comput. Syst. 37, 259–266 (2014)CrossRefGoogle Scholar
  28. 28.
    Lu, R., Lin, X., Liang, X., et al.: Secure provenance: the essential of bread and butter of data forensics in cloud computing. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 282–292. ACM (2010)Google Scholar
  29. 29.
    Cheng, Y., Fu, X., Du, X., Luo, B., Guizani, M.: A lightweight live memory forensic approach based on hardware virtualization. Inf. Sci. 379, 23–41 (2017)CrossRefGoogle Scholar
  30. 30.
    Fu, X., Du, X., Luo, B.: Data correlation-based analysis method for automatic memory forensics. Secur. Commun. Netw. 8(18), 4213–4226 (2015)CrossRefGoogle Scholar
  31. 31.
    Wu, L., Du, X.: MobiFish: a lightweight anti-phishing scheme for mobile phones. In: Proceedings of the 23rd International Conference on Computer Communications and Networks (ICCCN), Shanghai, China, August 2014Google Scholar
  32. 32.
    Wu, L., Du, X., Fu, X.: Security threats to mobile multimedia applications: camera-based attacks on mobile phones. IEEE Commun. Mag. 52(3), 80–87 (2014)CrossRefGoogle Scholar
  33. 33.
    Du, X., Xiao, Y., Guizani, M., Chen, H.H.: An effective key management scheme for heterogeneous sensor networks. Ad Hoc Netw. 5(1), 24–34 (2007)CrossRefGoogle Scholar
  34. 34.
    Du, X., Guizani, M., Xiao, Y., Chen, H.H.: A routing-driven elliptic curve cryptography based key management scheme for heterogeneous sensor networks. IEEE Trans. Wirel. Commun. 8(3), 1223–1229 (2009)CrossRefGoogle Scholar
  35. 35.
    Haeberlen, A., Kouznetsov, P., Druschel, P.: PeerReview: practical accountability for distributed systems. ACM SIGOPS Oper. Syst. Rev. 41(6), 175–188 (2007)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. 1.State Key Laboratory for Novel Software TechnologyNanjing UniversityNanjingChina
  2. 2.Department of Computer and Information SciencesTemple UniversityPhiladelphiaUSA

Personalised recommendations