Scalable Attestation: A Step Toward Secure and Trusted Clouds

Berger, Stefan; Goldman, Kenneth; Pendarakis, Dimitrios; Safford, David; Valdez, Enriquillo; Zohar, Mimi

doi:10.1109/ic2e.2015.32

Cited by 23 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal of trusted attestation is to prove to a remote party that the operating system and application software are intact and trustworthy [37] . Trusted attestation usually includes three roles: a challenger, a target system, and an authoritative third party, e.g., a Certificate Authority (CA).…”

Section: Trusted Attestationmentioning

confidence: 99%

Cloud virtual machine lifecycle security framework based on trusted computing

Jin

Wang

et al. 2019

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trusted relationship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.

show abstract

Section: Trusted Attestationmentioning

confidence: 99%

Cloud virtual machine lifecycle security framework based on trusted computing

Jin

Wang

et al. 2019

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

show abstract

“…TPM and remote attestation for cloud computing [43] are reaching maturity, with IBM rolling out an open source, scalable trusted platform based on virtual TPMs [44]. Indeed, Berger et al [44] describe a mechanism allowing the TPM and remote attestation to be provided for virtual machine offerings and container-based solutions, covering the whole range of contemporary cloud offerings. Furthermore, the approach not only allows the state of the software stack to be verified at boot time, but also during execution, and can thus prevent run-time modification of the system configuration.…”

Section: Leveraging Hardware Roots Of Trustmentioning

confidence: 99%

Camflow: Managed Data-Sharing for Cloud Services

Pasquier

Singh

Eyers

et al. 2017

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Abstract-A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government, consisting of different departments, provides services to its citizens through a common platform. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-toend, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' data flow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency and offers system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the identification of policy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware.

show abstract

“…Abbadi [11] propose the combined chain-of-trust, which builds a single chain-of-trust to attest to a cluster of nodes who have exactly the same configuration. Stefan et al [12] extend the OpenAttestation to support a Trusted OpenStack infrastructure, and to attest the IMA [19] measurement list of a node.…”

Section: Tpm Extend(pcr Newmentioning

confidence: 99%

“…Measurement facilities are deployed inside each DomU to measure its chain-of-trust. Detailed constructions can be found in [12].…”

Section: Preliminary Implementation Designmentioning

confidence: 99%

“…On the other hand, several authors have proposed the concepts of cloud attestation [21], [11], [12], [20], which allows customers to verify the genuine enforcements of the cloud services by using Trusted Computing technology [9], [10], [19]. In these systems, the cloud servers have builtin tamper-proof trustworthy hardware chips: the TPMs [10] (Trusted Platform Modules).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Breaking Down the Monarchy: Achieving Trustworthy and Open Cloud Ecosystem Governance with Separation-of-Powers

Ruan

Wei

Martin

et al. 2016

2016 IEEE 9th International Conference on Cloud Computing (CLOUD)

View full text Add to dashboard Cite

The cloud computing ecosystem is in urgent need of effective and practical trust establishment schemes. Cloud customers currently lack approaches to effectively verify the genuine behaviours of cloud services. They can only blindly believe that the Cloud Service Providers (CSPs) are honest enough to not tamper with their data, while many others have avoided using the cloud entirely. Trust establishment schemes, such as cloud auditing and cloud attestation systems, lack controls and transparency over their trust building processes, which only blur the effectiveness of the proclaimed trustworthiness. We argue that these problems ultimately result from the CSPs' autocratic governance over all the activities inside the cloud. In this paper, we present a Separation-of-Powers (SoP) model by referencing the similar concepts from the discipline of the political philosophy. We define three independent roles to separate the powers of definition, enforcement, and inspection from the CSPs. These roles form the collaborative-restrictive relationship to facilitate trustworthy cloud services and achieve the balance-of-powers. We believe a model of this kind will open new opportunities for achieving trustworthy and open cloud ecosystem governance.

show abstract

Scalable Attestation: A Step Toward Secure and Trusted Clouds

Cited by 23 publications

References 10 publications

Cloud virtual machine lifecycle security framework based on trusted computing

Cloud virtual machine lifecycle security framework based on trusted computing

Camflow: Managed Data-Sharing for Cloud Services

Breaking Down the Monarchy: Achieving Trustworthy and Open Cloud Ecosystem Governance with Separation-of-Powers

Contact Info

Product

Resources

About