OpenFlow Virtual Appliance: An Efficient Security Interface For Cloud Forensic Spyware Robot

Ifeyinwa Eucharia Achumba (Federal University of Technology, Owerri, Nigeria), Kennedy Chinedu Okafor (Federal University of Technology, Owerri, Nigeria), Gloria N. Ezeh (Federal University of Technology, Owerri, Nigeria) and Uchenna Hermes Diala (Federal University of Technology, Owerri, Nigeria)
Copyright: © 2015 | Pages: 22
DOI: 10.4018/IJDCF.2015040103


Network forensics combined with cloud computing offerings can be leveraged to meet the needs of enterprise-grade spyware solutions online. A modular, extensible cloud architecture with intrinsic support for efficient security monitoring is proposed, together with an implementation architecture that interfaces dynamically with OpenFlow hardware to create infinite flexibility in managing security decisions. As part of the work, a forensic DataCenter model was developed that integrates remote security monitoring through an intelligent Virtual Security Gateway in a cloud domain. An OpenFlow Virtual Appliance (OFVA) is proposed as a security hardware interface for thin clients connected to the Cloud Spyware Robot (CSR) server. The cloud ontology's Software as a Service (SaaS) model was used for the CSR application, conveying several security benefits. The goal is to facilitate an open, service-based, online network forensics application that is transparently provisioned for users. The paper proposes a security foundation for next-generation enterprise-grade cloud computing.
Article Preview

1. Introduction

1.1. Background of Study

In many real-world applications, such as the earlier proposed Smart Green Energy Management System (SGEMS), which uses the DCCN (Okafor, Ugwoke, & Oparaku, 2015) to house the Enterprise Energy Analytic Tracking Cloud Portal (EEATCP) and the Cloud Spyware Robot (CSR), sensitive data are kept on physical server machines. When a hacker exploits vulnerabilities in such a server, little or no damage can be done to the log files, because the OpenFlow Virtual Appliance (OFVA) shields them. It is possible to forensically monitor the entire network and still deliver the required Quality of Service (QoS). The network forensics approach presented in this paper offers a computationally cost-effective way of generating audit or log trails before a user logs into the network server that runs the CSR. This makes it difficult for an attacker to mount a read, modify or destroy attack on the DCCN. This paper establishes the OFVA as a special type of network forensics module that monitors network users and their activities with little overhead on network performance.

According to Palmer (2001), network forensics is a sub-branch of digital forensics concerned with the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. There are numerous areas of digital forensics, but a distinguishing feature of network investigations is that they deal with volatile and dynamic information. Network forensics has two broad application areas. The first is security monitoring, which involves monitoring a network for anomalous traffic and detecting intrusions; an attacker might be able to erase all log files on a compromised host, so network-based evidence might be the only evidence available for forensic analysis (Hjelmvik, 2012). The second relates to law enforcement, where analysis of captured network traffic is the major consideration.

With cloud computing virtualization, computing as a network-centric pool can yield digital evidence beyond what is stored on disk. Two approaches are commonly used to collect network data: a brute-force "catch it as you can" method and a more intelligent "stop, look, listen" method. Both approaches were applied in the cloud forensic robot design. The CSR can be deployed either on a Virtual Local Area Network (VLAN) based switch (Tariq, Mansy, Feamster, & Ammar, 2009) or on an OpenFlow based switch (Bianco, Birke, Giraudo, & Palacin, 2010; Heller, 2014). The security framework of the CSR leverages and extends the advantages of the OFVA and cloud virtualization, and it embeds autonomous management capabilities into the OpenFlow hardware infrastructure. Furthermore, the advent of Software Defined Networking (SDN) (Bianco, Birke, Giraudo, & Palacin, 2010), a scheme that separates the data and control functions of networking devices behind a well-defined Application Programming Interface (API), allows security monitoring to run as background processes (see Figure 1). This makes the security framework more robust than in traditional large enterprise networks, in which security devices such as switches and routers combine both data and control functions.

Figure 1. SDN logical structure (Stallings, 2013)
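The two capture approaches and the control/data-plane split described above, simulated as an added example that is not the paper's code: the control plane installs OpenFlow-style match/action rules, and the data plane applies them to constructed traffic. The CSR login port, the attempt threshold, the addresses and the rule names are all assumptions.

```python
# Added simulation (not the paper's code) of the two capture approaches named above,
# expressed as OpenFlow-style match/action rules. All names and values are assumed.
from collections import Counter, namedtuple

CSR_LOGIN_PORT = 443         # assumed port on which thin clients log in to the CSR server
LOGIN_ATTEMPT_THRESHOLD = 3  # assumed: one alert once a source exceeds this many attempts

Packet = namedtuple("Packet", "src dst dst_port payload")
# dst_port None is the table-miss rule (matches any port); actions run in order.
FlowRule = namedtuple("FlowRule", "dst_port actions")

def build_flow_table(mode):
    """Control plane: decide once, per mode, what the data plane does with each flow."""
    if mode == "catch-it-as-you-can":
        # brute force: copy every packet to the audit store, then forward it
        return [FlowRule(None, ("log", "forward"))]
    if mode == "stop-look-listen":
        # only CSR login traffic is inspected in memory; everything else is just forwarded
        return [FlowRule(CSR_LOGIN_PORT, ("inspect", "forward")), FlowRule(None, ("forward",))]
    raise ValueError(f"unknown mode {mode!r}")

def lookup(table, pkt):
    """First matching rule wins, as in an OpenFlow table ordered by priority."""
    for rule in table:
        if rule.dst_port is None or rule.dst_port == pkt.dst_port:
            return rule.actions
    return ()

def apply_rules(packets, mode):
    """Data plane: returns (packets forwarded, audit trail built before any login completes)."""
    table, audit, forwarded, attempts = build_flow_table(mode), [], 0, Counter()
    for pkt in packets:
        for action in lookup(table, pkt):
            if action == "forward":
                forwarded += 1
            elif action == "log":                      # keep everything, analyse later
                audit.append(("pkt", pkt.src, pkt.dst, pkt.dst_port, pkt.payload))
            elif action == "inspect":                  # analyse in memory, keep only events
                attempts[pkt.src] += 1
                if attempts[pkt.src] == LOGIN_ATTEMPT_THRESHOLD + 1:
                    audit.append(("alert", pkt.src, pkt.dst, pkt.dst_port, attempts[pkt.src]))
    return forwarded, audit

# Constructed traffic: one client browsing, another repeatedly hitting the CSR login port.
SAMPLE = ([Packet("10.0.0.1", "10.0.1.5", 80, b"GET /")] * 3
          + [Packet("10.0.0.2", "10.0.1.9", CSR_LOGIN_PORT, b"login")] * 5
          + [Packet("10.0.0.1", "10.0.1.9", CSR_LOGIN_PORT, b"login")])
if __name__ == "__main__":
    for mode in ("catch-it-as-you-can", "stop-look-listen"):
        print(mode, apply_rules(SAMPLE, mode))
```

The brute-force mode retains all nine packets for later analysis, while the in-memory mode forwards the same traffic but records only the single alert raised once the second client's login attempts pass the threshold.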
