ToSCloF - Towards Secure Cloud Forensics
Research Project
Department of Mathematics and Physics
Roma Tre University of Rome, Italy
Project Description
Cloud computing offers a novel computing and storage model that allows performing large calculations possibly in parallel,
enabling services to scale on demand according to the number of service requests, and possibly storing large amounts of data.
These features are achieved in an automated/autonomic setup without having to manage or pay the cost of a permanently deployed data center.
Cloud computing is based on virtualization technologies.
Multiple Virtual Machine (VM) guests can be dynamically deployed on a large number of physical hosts.
This allows cloud providers to respond to resource requests by provisioning or deprovisioning the required resources on the fly. Virtualization enables additional monitoring/inspection techniques, but it also introduces new threats to guest data privacy.
The cloud also represents a big challenge for security and privacy.
On the one hand, the cloud opens up the way to new cyberthreats and information security issues which can be exploited by cybercriminals.
On the other hand, the cloud model potentially enables more advanced computer forensics techniques,
since cloud technology allows seamless retrieval and storage of Virtual Machine status (i.e. VM images).
Allowing forensics activities in the cloud requires reconstructing the timeline of actual events even though they take place in VMs
that are outside the control of the cloud provider.
This is now a relevant issue, given that even a forensic expert cannot extract useful information
from an unreliable sequence of events in the analysis phase of the digital investigation.
The overall goal of this project is to guarantee protection of the cloud from malicious machine time variation in both hosts and guests. Such malicious alteration further undermines the efficacy of collected digital evidence.
Countermeasures have to be put in place to protect the original timeline of events so that it can be reconstructed.
Source Code for the main project and simulator
Involved/Collaborating Personnel
- Roberto Di Pietro (P.I.)
- Flavio Lombardi (Postdoc)
- Roberto Battistoni (Bsc)
Contact Info
Department of Mathematics and Physics
Roma Tre University of Rome, Italy
L.go S.Murialdo 1, 00146, Rome, Italy
Tel: +39 06 8339 3264
Fax: +39 06 5733 8080
email: dipietromat.uniroma3.it