Security Incident Tracking in Virtualized Linux Environment
- Conference
- Location
-
Indianapolis, Indiana
- Publication Date
-
June 15, 2014
- Start Date
-
June 15, 2014
- End Date
-
June 18, 2014
- ISSN
-
2153-5965
- Conference Session
- Tagged Division
-
Computing & Information Technology
- Page Count
-
13
- Page Numbers
-
24.1075.1 - 24.1075.13
- DOI
-
10.18260/1-2--23008
- Permanent URL
-
https://peer.asee.org/23008
- Download Count
-
713
Paper Authors
Manghui Tu Purdue University Calumet
Assistant Professor, Computer Information Technology, Purdue University Calumet, USA. He received his Ph.D. degree of computer science from the University of Texas at Dallas in December 2006. His research interests include distributed computing, information security, and computer forensics.
Shiming Xue Purdue University Calumet
SHIMING XUE
Address: 6943 Wicker Ave E-mail: xues@purduecal.edu
Hammond, IN, U.S 46323 Cell: +1 (765) 404-9776
EDUCATION
Purdue University Calumet, Hammond, IN Jul 2014(expected)
Bachelor of Science in Computer Info Technology
Department of Computer Info Tech Graphic
Courses: Integrative Programming, Networking Technologies, Discrete Mathematics for IT, Applied Database Tech, Data Communication and Networking.
Projects and Activities:
Created a customer/employee management system with windows server 2008 R2
Created the database and few Web Pages that help to update, insert, and delete data for a customer and employees.
Created a Minesweeper with the C# by Visual studio 2010
Created a minesweeper game, which can set mines' number.
Created a high school grade management system with the Basic C by Visual Studio 2010
Created a database for a high school which could help the school manage their students' grades
PROFESSIONAL EXPERIENCE
Huaqing Computer LLC, Pujiang, China June 2007- July 2007
Intern Consultant
Maintained WINDOWS/UNIX operation system for customers and initiated new computers by installing the computer operation systems Vista/XP and by setting up the working environment.
Diagnosed and fixed the problems on both software and hardware of the computers for customer supporting.
Sony Ericsson Mobile Communication (China) Ltd., Beijing, China Dec2011-Jan 2012
Intern Consultant
Checked the credit files and preparation of disbursement checks for different departments
Checked monthly trading volume, and provided the trading volume to the department header
Practiced leadership skills and assisted the department header to leader the team
Guided my group to complete financial statement
SKILLS
COMPUTER:
SQL Server 2008 R2:
Create database, Create tables, Insert data to the tables, create store procedures.
Oracle 10g:
Create database, Create tables, Insert, Update data to the tables
Visual Studio 2010
Create C# program, Create Web Pages with aspx, can create normal web application to finish the
Microsoft Excel:
Insert data, Create bar charts or pie charts for the data, use the formula to complete the data inserting and updating
Microsoft Visio:
Crete the flowchart for processing a project
Virtual machine 7.0:
Run the Virtual system: Windows Server 2003sq
OTHERS: English (Fluent), Chinese (Mother Tongue)
AWARDS AND HONORS
Semester Honors and Dean's List (Distinguished student awards) FALL 2010
Abstract
Abstract —While virtualization has been a key technology that can be leveraged to achievebusiness benefits, virtualized environment provides a heaven for malicious and criminal activities.We can expect to witness the increase of illegal activities in virtualized environments asvirtualization gains its popularity. Meanwhile, numerous digital security and privacy laws andregulations have put business and organizations under obligations to prepare for auditing andlegal investigations. Therefore, businesses must prepare for the responsiveness to unforeseensecurity incidents in virtualized environments. Forensic readiness of information systems can support future forensics investigation orauditing on external/internal attacks, internal sabotage and espionage, and business fraud. Toestablish forensics readiness, it is essential to identify which fingerprints are relevant and wherethey can be located, to determine whether they are logged in a forensically sound way andwhether all the needed fingerprints are available to reconstruct the events successfully. Also,fingerprint identification and locating mechanisms should be provided to guide potential forensicsinvestigation in the future. Furthermore, mechanisms should be established to automate thesecurity incident tracking and reconstruction processes. In this research, we will explore potentialsecurity exploitations and their corresponding fingerprints left in the virtualized Linuxenvironment. Attacks are modeled as augmented attack trees and then are conducted against asimulated virtualized environment, which is followed by a forensic investigation. Finally, anevidence tree is built for each attack based on fingerprints identified and located within thesystem.
Tu, M., & Xue, S. (2014, June), Security Incident Tracking in Virtualized Linux Environment Paper presented at 2014 ASEE Annual Conference & Exposition, Indianapolis, Indiana. 10.18260/1-2--23008
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2014 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015