云计算外文翻译参考文献

云计算外文翻译参考文献（文档含中英文对照即英文原文和中文翻译）原文：TechnicalIssuesofForensicInvestigationsinCloudComputingEnvironmentsDominikBirkRuhr-UniversityBochumHorstGoertzInstituteforITSecurityBochum,GermanyRuhr-UniversityBochumHorstGoertzInstituteforITSecurityBochum,GermanyAbstract—CloudComputingisarguablyoneofthemostdiscussed1informationtechnologiestoday.Itpresentsmanypromisingtechnologicalandeconomicalopportunities.However,manycustomersremainreluctanttomovetheirbusinessITinfrastructurecompletelytothecloud.OneoftheirmainconcernsisCloudSecurityandthethreatoftheunknown.CloudServiceProviders(CSP)encouragethisperceptionbynotlettingtheircustomersseewhatisbehindtheirvirtualcurtain.Aseldomlydiscussed,butinthisregardhighlyrelevantopenissueistheabilitytoperformdigitalinvestigations.Thiscontinuestofuelinsecurityonthesidesofbothprovidersandcustomers.CloudForensicsconstitutesanewanddisruptivechallengeforinvestigators.Duetothedecentralizednatureofdataprocessinginthecloud,traditionalapproachestoevidencecollectionandrecoveryarenolongerpractical.Thispaperfocusesonthetechnicalaspectsofdigitalforensicsindistributedcloudenvironments.Wecontributebyassessingwhetheritispossibleforthecustomerofcloudcomputingservicestoperformatraditionaldigitalinvestigationfromatechnicalpointofview.Furthermorewediscusspossiblesolutionsandpossiblenewmethodologieshelpingcustomerstoperformsuchinvestigations.INTRODUCTIONAlthoughthecloudmightappearattractivetosmallaswellastolargecompanies,itdoesnotcomealongwithoutitsownuniqueproblems.Outsourcingsensitivecorporatedataintothecloudraisesconcernsregardingtheprivacyandsecurityofdata.Securitypolicies,companiesmainpillarconcerningsecurity,cannotbeeasilydeployedintodistributed,virtualizedcloudenvironments.Thissituationisfurthercomplicatedbytheunknownphysicallocationofthecompanie’sassets.Normally,ifasecurityincidentoccurs,thecorporatesecurityteamwantstobeabletoperformtheirowninvestigationwithoutdependencyonthirdparties.Inthecloud,thisisnotpossibleanymore:TheCSPobtainsallthepowerovertheenvironmentandthuscontrolsthesourcesofevidence.Inthebestcase,atrustedthirdpartyactsasatrusteeandguaranteesforthetrustworthinessoftheCSP.Furthermore,theimplementationofthetechnicalarchitectureandcircumstanceswithincloudcomputingenvironmentsbiasthewayaninvestigationmaybeprocessed.Indetail,evidencedatahastobeinterpretedbyaninvestigatorinaWewouldliketothankthereviewersforthehelpfulcommentsandDennisHeinson(CenterforAdvancedSecurityResearchDarmstadt-CASED)fortheprofounddiscussionsregardingthelegalaspectsofcloudforensics.propermannerwhichishardlybepossibleduetothelackofcircumstantialinformation.Forauditors,thissituationdoesnotchange:Questionswhoaccessedspecificdataandinformationcannotbeansweredbythecustomers,ifnocorrespondinglogsareavailable.Withtheincreasingdemandforusingthepowerofthecloudforprocessingalsosensibleinformationanddata,enterprisesfacetheissueofDataandProcessProvenanceinthecloud[10].Digitalprovenance,meaningmeta-datathatdescribestheancestryorhistoryofadigitalobject,isacrucialfeatureforforensicinvestigations.Incombinationwithasuitableauthenticationscheme,itprovidesinformationaboutwhocreatedandwhomodifiedwhatkindofdatainthecloud.Thesearecrucialaspectsfordigitalinvestigationsindistributedenvironmentssuchasthecloud.Unfortunately,theaspectsofforensicinvestigationsindistributedenvironmenthavesofarbeenmostlyneglectedbytheresearchcommunity.Currentdiscussioncentersmostlyaroundsecurity,privacyanddataprotectionissues[35],[9],[12].Theimpactofforensicinvestigationsoncloudenvironmentswaslittlenoticedalbeitmentionedbytheauthorsof[1]in2009:”[...]toourknowledge,noresearchhasbeenpublishedonhowcloudcomputingenvironmentsaffectdigitalartifacts,andonacquisitionlogisticsandlegalissuesrelatedtocloudcomputingenvironments.”Thisstatementisalsoconfirmedbyotherauthors[34],[36],[40]stressingthatfurtherresearchonincidenthandling,evidencetrackingandaccountabilityincloudenvironmentshastobedone.Atthesametime,massiveinvestmentsarebeingmadeincloudtechnology.Combinedwiththefactthatinformationtechnologyincreasinglytranscendentspeoples5privateandprofessionallife,thusmirroringmoreandmoreofpeoples5actions,itbecomesapparentthatevidencegatheredfromcloudenvironmentswillbeofhighsignificancetolitigationorcriminalproceedingsinthefuture.Withinthiswork,wefocusthenotionofcloudforensicsbyaddressingthetechnicalissuesofforensicsinallthreemajorcloudservicemodelsandconsidercross-disciplinaryaspects.Moreover,weaddresstheusabilityofvarioussourcesofevidenceforinvestigativepurposesandproposepotentialsolutionstotheissuesfromapracticalstandpoint.Thisworkshouldbeconsideredasasurveyingdiscussionofanalmostunexploredresearcharea.Thepaperisorganizedasfollows:Wediscusstherelatedworkandthefundamentaltechnicalbackgroundinformationofdigitalforensics,cloudcomputingandthefaultmodelinsectionIIandIII.InsectionIV,wefocusonthetechnicalissuesofcloudforensicsanddiscussthepotentialsourcesandnatureofdigitalevidenceaswellasinvestigationsinXaaSenvironmentsincludingthecross-disciplinaryaspects.WeconcludeinsectionVRELATEDWORKVariousworkshavebeenpublishedinthefieldofcloudsecurityandprivacy[9],[35],[30]focussingonaspectsforprotectingdatainmulti-tenant,virtualizedenvironments.Desiredsecuritycharacteristicsforcurrentcloudinfrastructuresmainlyrevolvearoundisolationofmulti-tenantplatforms[12],securityofhypervisorsinordertoprotectvirtualizedguestsystemsandsecurenetworkinfrastructures[32].Albeitdigitalprovenance,describingtheancestryofdigitalobjects,stillremainsachallengingissueforcloudenvironments,severalworkshavealreadybeenpublishedinthisfield[8],[10]contributingtotheissuesofcloudforensis.Withinthiscontext,cryptographicproofsforverifyingdataintegritymainlyincloudstorageoffershavebeenproposed,yetlackingofpracticalimplementations[24],[37],[23].Traditionalcomputerforensicshasalreadywellresearchedmethodsforvariousfieldsofapplication[4],[5],[6],[11],[13].Alsotheaspectsofforensicsinvirtualsystemshavebeenaddressedbyseveralworks[2],[3],[20]includingthenotionofvirtualintrospection[25].Inaddition,theNISTalreadyaddressedWebServiceForensics[22]whichhasahugeimpactoninvestigationprocessesincloudcomputingenvironments.Incontrast,theaspectsofforensicinvestigationsincloudenvironmentshavemostlybeenneglectedbyboththeindustryandtheresearchcommunity.OneofthefirstpapersfocusingonthistopicwaspublishedbyWolthusen[40]afterBebeeetalalreadyintroducedproblemswithincloudenvironments[1].Wolthusenstressedthatthereisaninherentstrongneedforinterdisciplinaryworklinkingtherequirementsandconceptsofevidencearisingfromthelegalfieldtowhatcanbefeasiblyreconstructedandinferredalgorithmicallyorinanexploratorymanner.In2010,Grobaueretal[36]publishedapaperdiscussingtheissuesofincidentresponseincloudenvironments-unfortunatelynospecificissuesandsolutionsofcloudforensicshavebeenproposedwhichwillbedonewithinthiswork.TECHNICALBACKGROUNDTraditionalDigitalForensicsThenotionofDigitalForensicsiswidelyknownasthepracticeofidentifying,extractingandconsideringevidencefromdigitalmedia.Unfortunately,digitalevidenceisbothfragileandvolatileandthereforerequirestheattentionofspecialpersonnelandmethodsinordertoensurethatevidencedatacanbeproperisolatedandevaluated.Normally,theprocessofadigitalinvestigationcanbeseparatedintothreedifferentstepseachhavingitsownspecificpurpose:IntheSecuringPhase,themajorintentionisthepreservationofevidenceforanalysis.Thedatahastobecollectedinamannerthatmaximizesitsintegrity.Thisisnormallydonebyabitwisecopyoftheoriginalmedia.Ascanbeimagined,thisrepresentsahugeprobleminthefieldofcloudcomputingwhereyouneverknowexactlywhereyourdataisandadditionallydonothaveaccesstoanyphysicalhardware.However,thesnapshottechnology,discussedinsectionIV-B3,providesapowerfultooltofreezesystemstatesandthusmakesdigitalinvestigations,atleastinIaaSscenarios,theoreticallypossible.WerefertotheAnalyzingPhaseasthestageinwhichthedataissiftedandcombined.Itisinthisphasethatthedatafrommultiplesystemsorsourcesispulledtogethertocreateascompleteapictureandeventreconstructionaspossible.Especiallyindistributedsysteminfrastructures,thismeansthatbitsandpiecesofdataarepulledtogetherfordecipheringtherealstoryofwhathappenedandforprovidingadeeperlookintothedata.Finally,attheendoftheexaminationandanalysisofthedata,theresultsofthepreviousphaseswillbereprocessedinthePresentationPhase.Thereport,createdinthisphase,isacompilationofallthedocumentationandevidencefromtheanalysisstage.Themainintentionofsuchareportisthatitcontainsallresults,itiscompleteandcleartounderstand.Apparently,thesuccessofthesethreestepsstronglydependsonthefirststage.Ifitisnotpossibletosecurethecompletesetofevidencedata,noexhaustiveanalysiswillbepossible.However,inrealworldscenariosoftenonlyasubsetoftheevidencedatacanbesecuredbytheinvestigator.Inaddition,animportantdefinitioninthegeneralcontextofforensicsisthenotionofaChainofCustody.Thischainclarifieshowandwhereevidenceisstoredandwhotakespossessionofit.Especiallyforcaseswhicharebroughttocourtitiscrucialthatthechainofcustodyispreserved.CloudComputingAccordingtotheNIST[16],cloudcomputingisamodelforenablingconvenient,on-demandnetworkaccesstoasharedpoolofconfigurablecomputingresources(e.g.,networks,servers,storage,applicationsandservices)thatcanberapidlyprovisionedandreleasedwithminimalCSPinteraction.Thenewrawdefinitionofcloudcomputingbroughtseveralnewcharacteristicssuchasmulti-tenancy,elasticity,pay-as-you-goandreliability.Withinthiswork,thefollowingthreemodelsareused:IntheInfrastructureasaService(IaaS)model,thecustomerisusingthevirtualmachineprovidedbytheCSPforinstallinghisownsystemonit.Thesystemcanbeusedlikeanyotherphysicalcomputerwithafewlimitations.However,theadditivecustomerpoweroverthesystemcomesalongwithadditionalsecurityobligations.PlatformasaService(PaaS)offeringsprovidethecapabilitytodeployapplicationpackagescreatedusingthevirtualdevelopmentenvironmentsupportedbytheCSP.Fortheefficiencyofsoftwaredevelopmentprocessthisservicemodelcanbepropellent.IntheSoftwareasaService(SaaS)model,thecustomermakesuseofaservicerunbytheCSPonacloudinfrastructure.InmostofthecasesthisservicecanbeaccessedthroughanAPIforathinclientinterfacesuchasawebbrowser.Closed-sourcepublicSaaSofferssuchasAmazonS3andGoogleMailcanonlybeusedinthepublicdeploymentmodelleadingtofurtherissuesconcerningsecurity,privacyandthegatheringofsuitableevidences.Furthermore,twomaindeploymentmodels,privateandpubliccloudhavetobedistinguished.Commonpubliccloudsaremadeavailabletothegeneralpublic.ThecorrespondinginfrastructureisownedbyoneorganizationactingasaCSPandofferingservicestoitscustomers.Incontrast,theprivatecloudisexclusivelyoperatedforanorganizationbutmaynotprovidethescalabilityandagilityofpublicoffers.Theadditionalnotionsofcommunityandhybridcloudarenotexclusivelycoveredwithinthiswork.However,independentlyfromthespecificmodelused,themovementofapplicationsanddatatothecloudcomesalongwithlimitedcontrolforthecustomerabouttheapplicationitself,thedatapushedintotheapplicationsandalsoabouttheunderlyingtechnicalinfrastructure.FaultModelBeitanaccountforaSaaSapplication,adevelopmentenvironment(PaaS)oravirtualimageofanIaaSenvironment,systemsinthecloudcanbeaffectedbyinconsistencies.Hence,forbothcustomerandCSPitiscrucialtohavetheabilitytoassignfaultstothecausingparty,eveninthepresenceofByzantinebehavior[33].Generally,inconsistenciescanbecausedbythefollowingtworeasons:MaliciouslyIntendedFaultsInternalorexternaladversarieswithspecificmaliciousintentionscancausefaultsoncloudinstancesorapplications.EconomicrivalsaswellasformeremployeescanbethereasonforthesefaultsandstateaconstantthreattocustomersandCSP.Inthismodel,alsoamaliciousCSPisincludedalbeitheisassumedtoberareinrealworldscenarios.Additionally,fromthetechnicalpointofview,themovementofcomputingpowertoavirtualized,multi-tenantenvironmentcanposefurtherthreadsandriskstothesystems.Onereasonforthisisthatifasinglesystemorserviceinthecloudiscompromised,allotherguestsystemsandeventhehostsystemareatrisk.Hence,besidestheneedforfurthersecuritymeasures,precautionsforpotentialforensicinvestigationshavetobetakenintoconsideration.UnintentionalFaultsInconsistenciesintechnicalsystemsorprocessesintheclouddonothaveimplicitlytobecausedbymaliciousintent.Internalcommunicationerrorsorhumanfailurescanleadtoissuesintheservicesofferedtothecostumer(i.e.lossormodificationofdata).Althoughthesefailuresarenotcausedintentionally,boththeCSPandthecustomerhaveastrongintentiontodiscoverthereasonsanddeploycorrespondingfixes.TECHNICALISSUESDigitalinvestigationsareaboutcontrolofforensicevidencedata.Fromthetechnicalstandpoint,thisdatacanbeavailableinthreedifferentstates:atrest,inmotionorinexecution.Dataatrestisrepresentedbyallocateddiskspace.Whetherthedataisstoredinadatabaseorinaspecificfileformat,itallocatesdiskspace.Furthermore,ifafileisdeleted,thediskspaceisde-allocatedfortheoperatingsystembutthedataisstillaccessiblesincethediskspacehasnotbeenre-allocatedandoverwritten.Thisfactisoftenexploitedbyinvestigatorswhichexplorethesede-allocateddiskspaceonharddisks.Incasethedataisinmotion,dataistransferredfromoneentitytoanothere.g.atypicalfiletransferoveranetworkcanbeseenasadatainmotionscenario.Severalencapsulatedprotocolscontainthedataeachleavingspecifictracesonsystemsandnetworkdeviceswhichcaninreturnbeusedbyinvestigators.Datacanbeloadedintomemoryandexecutedasaprocess.Inthiscase,thedataisneitheratrestorinmotionbutinexecution.Ontheexecutingsystem,processinformation,machineinstructionandallocated/de-allocateddatacanbeanalyzedbycreatingasnapshotofthecurrentsystemstate.Inthefollowingsections,wepointoutthepotentialsourcesforevidentialdataincloudenvironmentsanddiscussthetechnicalissuesofdigitalinvestigationsinXaaSenvironmentsaswellassuggestseveralsolutionstotheseproblems.A.SourcesandNatureofEvidenceConcerningthetechnicalaspectsofforensicinvestigations,theamountofpotentialevidenceavailabletotheinvestigatorstronglydivergesbetweenthedifferentcloudserviceanddeploymentmodels.Thevirtualmachine(VM),hostinginmostofthecasestheserverapplication,providesseveralpiecesofinformationthatcouldbeusedbyinvestigators.Onthenetworklevel,networkcomponentscanprovideinformationaboutpossiblecommunicationchannelsbetweendifferentpartiesinvolved.Thebrowserontheclient,actingoftenastheuseragentforcommunicatingwiththecloud,alsocontainsalotofinformationthatcouldbeusedasevidenceinaforensicinvestigation.Independentlyfromtheusedmodel,thefollowingthreecomponentscouldactassourcesforpotentialevidentialdata.VirtualCloudInstance:TheVMwithinthecloud,wherei.e.dataisstoredorprocessesarehandled,containspotentialevidence[2],[3].Inmostofthecases,itistheplacewhereanincidenthappenedandhenceprovidesagoodstartingpointforaforensicinvestigation.TheVMinstancecanbeaccessedbyboth,theCSPandthecustomerwhoisrunningtheinstance.Furthermore,virtualintrospectiontechniques[25]provideaccesstotheruntimestateoftheVMviathehypervisorandsnapshottechnologysuppliesapowerfultechniqueforthecustomertofreezespecificstatesoftheVM.Therefore,virtualinstancescanbestillrunningduringanalysiswhichleadstothecaseofliveinvestigations[41]orcanbeturnedoffleadingtostaticimageanalysis.InSaaSandPaaSscenarios,theabilitytoaccessthevirtualinstanceforgatheringevidentialinformationishighlylimitedorsimplynotpossible.NetworkLayer:Traditionalnetworkforensicsisknownastheanalysisofnetworktrafficlogsfortracingeventsthathaveoccurredinthepast.SincethedifferentISO/OSInetworklayersprovideseveralinformationonprotocolsandcommunicationbetweeninstanceswithinaswellaswithinstancesoutsidethecloud[4],[5],[6],networkforensicsistheoreticallyalsofeasibleincloudenvironments.Howeverinpractice,ordinaryCSPcurrentlydonotprovideanylogdatafromthenetworkcomponentsusedbythecustomdn&tasicesorapplications.Forinstance,incaseofamalwareinfectionofanIaaSVM,itwillbedifficultfortheinvestigatortogetanyformofroutinginformationandnetworklogdataingeneralwhichiscrucialforfurtherinvestigativesteps.ThissituationgetsevenmorecomplicatedincaseofPaaSorSaaS.Soagain,thesituationofgatheringforensicevidenceisstronglyaffectedbythesupporttheinvestigatorreceivesfromthecustomerandtheCSP.ClientSystem:Onthesystemlayeroftheclient,itcompletelydependsontheusedmodel(IaaS,PaaS,SaaS)ifandwherepotentialevidencecouldbeextracted.Inmostofthescenarios,theuseragent(e.g.thewebbrowser)ontheclientsystemistheonlyapplicationthatcommunicateswiththeserviceinthecloud.ThisespeciallyholdsforSaaSapplicationswhichareusedandcontrolledbythewebbrowser.ButalsoinIaaSscenarios,theadministrationinterfaceisoftencontrolledviathebrowser.Hence,inanexhaustiveforensicinvestigation,theevidencedatagatheredfromthebrowserenvironment[7]shouldnotbeomitted.BrowserForensics:Generally,thecircumstancesleadingtoaninvestigationhavetobedifferentiated:Inordinaryscenarios,themaingoalofaninvestigationofthewebbrowseristodetermineifauserhasbeenvictimofacrime.IncomplexSaaSscenarioswithhighclient-serverinteraction,thisconstitutesadifficulttask.Additionally,customersstronglymakeuseofthird-partyextensions[17]whichcanbeabusedformaliciouspurposes.Hence,theinvestigatormightwanttolookformaliciousextensions,searchesperformed,websitesvisited,filesdownloaded,informationenteredinformsorstoredinlocalHTML5stores,web-basedemailcontentsandpersistentbrowsercookiesforgatheringpotentialevidencedata.Withinthiscontext,itisinevitabletoinvestigatetheappearanceofmaliciousJavaScript[18]leadingtoe.g.unintendedAJAXrequestsandhencemodifiedusageofadministrationinterfaces.Generally,thewebbrowsercontainsalotofelectronicevidencedatathatcouldbeusedtogiveananswertobothoftheabovequestions-eveniftheprivatemodeisswitchedon[19].B.InvestigationsinXaaSEnvironmentsTraditionaldigitalforensicmethodologiespermitinvestigatorstoseizeequipmentandperformdetailedanalysisonthemediaanddatarecovered[11].Inadistributedinfrastructureorganizationlikethecloudcomputingenvironment,investigatorsareconfrontedwithanentirelydifferentsituation.Theyhavenolongertheoptionofseizingphysicaldatastorage.Dataandprocessesofthecustomeraredispensedoveranundisclosedamountofvirtualinstances,applicationsandnetworkelements.Hence,itisinquestionwhetherpreliminaryfindingsofthecomputerforensiccommunityinthefieldofdigitalforensicsapparentlyhavetoberevisedandadaptedtothenewenvironment.Withinthissection,specificissuesofinvestigationsinSaaS,PaaSandIaaSenvironmentswillbediscussed.Inaddition,cross-disciplinaryissueswhichaffectseveralenvironmentsuniformly,willbetakenintoconsideration.Wealsosuggestpotentialsolutionstothementionedproblems.1)SaaSEnvironments:EspeciallyintheSaaSmodel,thecustomerdoesnotobtainanycontroloftheunderlyingoperatinginfrastructuresuchasnetwork,servers,operatingsystemsortheapplicationthatisused.Thismeansthatnodeeperviewintothesystemanditsunderlyinginfrastructureisprovidedtothecustomer.Onlylimiteduserspecificapplicationconfigurationsettingscanbecontrolledcontributingtotheevidenceswhichcanbeextractedfromtheclient(seesectionIV-A3).Inalotofcasesthisurgestheinvestigatortorelyonhigh-levellogswhichareeventuallyprovidedbytheCSP.GiventhecasethattheCSPdoesnotrunanyloggingapplication,thecustomerhasnoopportunitytocreateanyusefulevidencethroughtheinstallationofanytoolkitorloggingtool.ThesecircumstancesdonotallowavalidforensicinvestigationandleadtotheassumptionthatcustomersofSaaSoffersdonothaveanychancetoanalyzepotentialincidences.a)DataProvenance:ThenotionofDigitalProvenanceisknownasmeta-datathatdescribestheancestryorhistoryofdigitalobjects.Secureprovenancethatrecordsownershipandprocesshistoryofdataobjectsisvitaltothesuccessofdataforensicsincloudenvironments,yetitisstillachallengingissuetoday[8].AlbeitdataprovenanceisofhighsignificancealsoforIaaSandPaaS,itstatesahugeproblemspecificallyforSaaS-basedapplications:CurrentglobalactingpublicSaaSCSPofferSingleSign-On(SSO)accesscontroltothesetoftheirservices.Unfortunatelyincaseofanaccountcompromise,mostoftheCSPdonotofferanypossibilityforthecustomertofigureoutwhichdataandinformationhasbeenaccessedbytheadversary.Forthevictim,thissituationcanhavetremendousimpact:Ifsensitivedatahasbeencompromised,itisunclearwhichdatahasbeenleakedandwhichhasnotbeenaccessedbytheadversary.Additionally,datacouldbemodifiedordeletedbyanexternaladversaryorevenbytheCSPe.g.duetostoragereasons.Thecustomerhasnoabilitytoproofotherwise.SecureprovenancemechanismsfordistributedenvironmentscanimprovethissituationbuthavenotbeenpracticallyimplementedbyCSP[10].SuggestedSolution:InprivateSaaSscenariosthissituationisimprovedbythefactthatthecustomerandtheCSPareprobablyunderthesameauthority.Hence,loggingandprovenancemechanismscouldbeimplementedwhichcontributetopotentialinvestigations.Additionally,theexactlocationoftheserversandthedataisknownatanytime.PublicSaaSCSPshouldofferadditionalinterfacesforthepurposeofcompliance,forensics,operationsandsecuritymatterstotheircustomers.ThroughanAPI,thecustomersshouldhavetheabilitytoreceivespecificinformationsuchasaccess,errorandeventlogsthatcouldimprovetheirsituationincaseofaninvestigation.Furthermore,duetothelimitedabilityofreceivingforensicinformationfromtheserverandproofingintegrityofstoreddatainSaaSscenarios,theclienthastocontributetothisprocess.ThiscouldbeachievedbyimplementingProofsofRetrievability(POR)inwhichaverifier(client)isenabledtodeterminethataprover(server)possessesafileordataobjectanditcanberetrievedunmodified[24].ProvableDataPossession(PDP)techniques[37]couldbeusedtoverifythatanuntrustedserverpossessestheoriginaldatawithouttheneedfortheclienttoretrieveit.AlthoughthesecryptographicproofshavenotbeenimplementedbyanyCSP,theauthorsof[23]introducedanewdataintegrityverificationmechanismforSaaSscenarioswhichcouldalsobeusedforforensicpurposes.PaaSEnvironments:OneofthemainadvantagesofthePaaSmodelisthatthedevelopedsoftwareapplicationisunderthecontrolofthecustomerandexceptforsomeCSP,thesourcecodeoftheapplicationdoesnothavetoleavethelocaldevelopmentenvironment.Giventhesecircumstances,thecustomerobtainstheoreticallythepowertodictatehowtheapplicationinteractswithotherdependenciessuchasdatabases,storageentitiesetc.CSPnormallyclaimthistransferisencryptedbutthisstatementcanhardlybeverifiedbythecustomer.SincethecustomerhastheabilitytointeractwiththeplatformoverapreparedAPI,systemstatesandspecificapplicationlogscanbeextracted.Howeverpotentialadversaries,whichcancompromisetheapplicationduringruntime,shouldnotbeabletoaltertheselogfilesafterwards.SuggestedSolution:Dependingontheruntimeenvironment,loggingmechanismscouldbeimplementedwhichautomaticallysignandencrypttheloginformationbeforeitstransfertoacentralloggingserverunderthecontrolofthecustomer.Additionalsigningandencryptingcouldpreventpotentialeavesdroppersfrombeingabletoviewandalterlogdatainformationonthewaytotheloggingserver.RuntimecompromiseofanPaaSapplicationbyadversariescouldbemonitoredbypush-onlymechanismsforlogdatapresupposingthattheneededinformationtodetectsuchanattackarelogged.Increasingly,CSPofferingPaaSsolutionsgivedeveloperstheabilitytocollectandstoreavarietyofdiagnosticsdatainahighlyconfigurablewaywiththehelpofruntimefeaturesets[38].IaaSEnvironments:Asexpected,evenvirtualinstancesinthecloudgetcompromisedbyadversaries.Hence,theabilitytodeterminehowdefensesinthevirtualenvironmentfailedandtowhatexte