Security Incident Tracking in Virtualized Linux Environment


2014 ASEE Annual Conference & Exposition


Indianapolis, Indiana

Publication Date

June 15, 2014

Start Date

June 15, 2014

End Date

June 18, 2014



Conference Session

Information and Network Security

Tagged Division

Computing & Information Technology

Page Numbers

24.1075.1 - 24.1075.13



Paper Authors


Manghui Tu Purdue University Calumet

Assistant Professor, Computer Information Technology, Purdue University Calumet, USA. He received his Ph.D. degree of computer science from the University of Texas at Dallas in December 2006. His research interests include distributed computing, information security, and computer forensics.


Shiming Xue Purdue University Calumet

Address: 6943 Wicker Ave E-mail:
Hammond, IN, U.S 46323 Cell: +1 (765) 404-9776


Purdue University Calumet, Hammond, IN Jul 2014(expected)
Bachelor of Science in Computer Info Technology
Department of Computer Info Tech Graphic
Courses: Integrative Programming, Networking Technologies, Discrete Mathematics for IT, Applied Database Tech, Data Communication and Networking.

Projects and Activities:
• Created a customer/employee management system with Windows Server 2008 R2
• Created the database and a few Web pages that help to update, insert, and delete data for customers and employees.
• Created a Minesweeper game in C# with Visual Studio 2010
• Created a Minesweeper game in which the number of mines can be set.
• Created a high school grade management system with the Basic C by Visual Studio 2010
• Created a database for a high school which could help the school manage their students' grades

Huaqing Computer LLC, Pujiang, China June 2007- July 2007
Intern Consultant
• Maintained Windows/UNIX operating systems for customers and set up new computers by installing the Vista/XP operating systems and configuring the working environment.
• Diagnosed and fixed both software and hardware problems on computers for customer support.

Sony Ericsson Mobile Communication (China) Ltd., Beijing, China Dec2011-Jan 2012
Intern Consultant
• Checked the credit files and the preparation of disbursement checks for different departments
• Checked monthly trading volume, and provided the trading volume to the department head
• Practiced leadership skills and assisted the department head in leading the team
• Guided my group to complete the financial statement


SQL Server 2008 R2:
Create database, Create tables, Insert data to the tables, create store procedures.

Oracle 10g:
Create database, Create tables, Insert, Update data to the tables

Visual Studio 2010
Create C# program, Create Web Pages with aspx, can create normal web application to finish the

Microsoft Excel:
Insert data, Create bar charts or pie charts for the data, use the formula to complete the data inserting and updating

Microsoft Visio:
Create the flowchart for processing a project

Virtual machine 7.0:
Run the Virtual system: Windows Server 2003sq

OTHERS: English (Fluent), Chinese (Mother Tongue)

Semester Honors and Dean's List (Distinguished student awards) FALL 2010


Abstract: While virtualization has been a key technology that can be leveraged to achieve business benefits, the virtualized environment provides a haven for malicious and criminal activities. We can expect to witness an increase in illegal activities in virtualized environments as virtualization gains popularity. Meanwhile, numerous digital security and privacy laws and regulations have put businesses and organizations under obligation to prepare for auditing and legal investigations. Therefore, businesses must prepare to respond to unforeseen security incidents in virtualized environments.

Forensic readiness of information systems can support future forensic investigation or auditing of external/internal attacks, internal sabotage and espionage, and business fraud. To establish forensic readiness, it is essential to identify which fingerprints are relevant and where they can be located, to determine whether they are logged in a forensically sound way and whether all the needed fingerprints are available to reconstruct the events successfully. Also, fingerprint identification and locating mechanisms should be provided to guide potential forensic investigation in the future. Furthermore, mechanisms should be established to automate the security incident tracking and reconstruction processes. In this research, we will explore potential security exploitations and their corresponding fingerprints left in the virtualized Linux environment. Attacks are modeled as augmented attack trees and then are conducted against a simulated virtualized environment, which is followed by a forensic investigation. Finally, an evidence tree is built for each attack based on fingerprints identified and located within the system.

Tu, M., & Xue, S. (2014, June). Security Incident Tracking in Virtualized Linux Environment. Paper presented at 2014 ASEE Annual Conference & Exposition, Indianapolis, Indiana. 10.18260/1-2--23008

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2014 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015