Memory Forensics in Multi-Tenant Cloud Environment

Abstract

This research study aims to explore and analyze existing forensics techniques applicable to cloud computing, evaluate the security posture of a cloud service provider (CSP), and identify suitable security controls for multi-tenant cloud architectures. Forensic techniques are critical for investigating security incidents and cybercrimes in cloud environments, necessitating an understanding of their application, limitations, and challenges. Additionally, assessing the CSP’s security posture involves evaluating current security controls, identifying vulnerabilities, and ensuring compliance with industry standards. The study focuses on multi-tenant cloud architecture, which presents unique security challenges due to shared resources and data across tenants. The identification and implementation of appropriate security controls, such as access controls, encryption, network segmentation, and regular security assessments, are essential to mitigate risks and safeguard data for each tenant. Conducting experiments revealed significant findings concerning system security and resource management. Non-compliance with access control measures for user accounts, the presence of Certificate Service Providers (CSP), and known vulnerabilities in the Open Source Xen hypervisor were identified. Resource availability limitations were also noted, impacting system performance and availability. As a recommendation, adopting a proprietary hypervisor across all instance classes is v proposed to ensure a consistent and secure virtualization environment. Addressing these findings and implementing necessary improvements can lead to enhanced system security, resource management, and overall performance. While capturing memory images from the cloud, integrity verification remains an unresolved challenge. Future research is encouraged to propose methods for ensuring the integrity of memory images in cloud forensics investigations.