Author :
Saxon, John ; Bordbar, Behzad ; Harrison, Keith
Abstract :
Although the deployment of TLS has been of great importance to its users in preventing eavesdroppers from reading personal data, it also prevents intrusion detection systems (IDSs) from completing their own tasks, as they are, in essence, eavesdroppers themselves. Cloud providers specifically are at risk because of the sheer mass of data they accrue over the many applications they serve, so they have a responsibility to protect both themselves and their users. Without the keys, however, they can't provide the service they require. A method to acquire these keys is to use virtual machine introspection (VMI), a technique that allows an application to read the internal state of a virtual machine. Current methods are expensive and require the application to read the entire virtual machine's memory. The authors present an efficient approach to acquire RSA keys, commonly used on the Internet, using the forensic virtual machine (FVM) framework. This framework provides the ability, from another virtual machine, to use VMI to find, analyze, and act on these findings.
Keywords :
cloud computing; digital forensics; public key cryptography; virtual machines; FVM framework; IDS; Internet; RSA key material; TLS; VMI; cloud provider; eavesdropper; forensic virtual machine framework; intrusion detection system; personal data; virtual machine introspection; virtual machine memory; Ciphers; Cloud computing; Forensics; Operating systems; Random access memory; Virtual machining; asymmetric cryptography; cloud; cloud computing; forensics; key retrieval; virtual machine introspection;