Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud-provided VM systems, but customers are worried that such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide customers with assurance of data processing protection in clouds, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customers' application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud scale.