Flogger: First Steps to Tracing Files and Information in the Cloud

Trust is one of the main obstacles to widespread Cloud adoption. In order to increase trust in Cloud computing, we need to increase transparency and accountability of data in the Cloud for both enterprises and end-users. However, current system tools are unable to log file accesses and transfers effectively within a Cloud environment.

 

The TrustCloud research team at HP Labs Singapore has developed the initial proofs-of-concept for Flogger, a novel file-centric logger suitable for both private and public Cloud environments. Flogger records file-centric access and transfer information from within the kernel spaces of both virtual machines (VMs) and physical machines (PMs) in the Cloud, thus giving full transparency of the entire data landscape in the Cloud. This means that for every file event in the VMs, we can also track its corresponding file event and related attributes (e.g. physical location) of the PMs.

 

This opens up several implications and possibilities. For example, services can be built above it to provide Cloud providers, end-users and even regulators with the relevant provenance, e.g. a tool for an end-user to track whether his/her file was ‘touched’ by an unauthorized user. Malware and malicious insiders can be detected via heuristics over the footprints left by the file access and transfer patterns. Analytics can also be performed over file-centric logs (or flogs) to provide real-time file access violation reports, or even longer-term file forensics.

 

You can read more about the initial developments of HP Labs’ Flogger, and interesting results from the TrustCloud team’s experiments here. This paper also presents compelling future work that will shape the beginnings of a new logging paradigm: distributed VM/PM file-centric logging.

 

If you find the Flogger paper of interest, I encourage you to check out this related technical report on the TrustCloud framework, which addresses accountability in cloud computing via technical and policy-based approaches. Download the technical report here: TrustCloud: A Framework for Accountability and Trust in Cloud Computing.

 

Let me know what you think about this research.  I welcome your feedback.

 

 


Comments
Nadhan | ‎09-07-2011 01:30 PM

Great tool, Ryan! Keeping a close tab on the access to cloud-based log files begins to address a couple of the key forces that stretch today's CIOs. Also, environmental access vulnerabilities should always be tested as part of the Applications Security Testing which is extremely vital to the enterprise.

RyanKo | ‎09-15-2011 08:18 PM

@Nadhan - Thanks for the kind words! Yes, the file-centric logs enable transparency and accountability in the Cloud, and effectively address 5 of the top 7 threats to cloud computing as stated by CSA. The vulnerabilities of the environment can also be extracted from the signatures and audit trails produced from Floggers in all machines in the Cloud.

About the Author
Dr. Ryan K L Ko is a researcher with the Cloud and Security Lab, HP Labs Singapore. He currently leads HP Labs' TrustCloud project and Cloud...

