DOI: 10.1145/1866835.1866843

Seeding clouds with trust anchors

Published: 08 October 2010

Abstract

Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud-provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customers' application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.

Published In

CCSW '10: Proceedings of the 2010 ACM workshop on Cloud computing security workshop
October 2010
118 pages
ISBN: 9781450300896
DOI: 10.1145/1866835

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud computing
  2. integrity measurement

Qualifiers

  • Research-article

Conference

CCS '10

Acceptance Rates

Overall Acceptance Rate 37 of 108 submissions, 34%

Cited By

  • (2024) Multi-Tenant IaaS Cloud Security Evaluation Model. International Journal of Advanced Research in Science, Communication and Technology, pp. 184-188. DOI: 10.48175/IJETIR-1234. Online publication date: 10-Jul-2024
  • (2024) Enhanced mechanism to prioritize the cloud data privacy factors using AHP and TOPSIS: a hybrid approach. Journal of Cloud Computing 13:1. DOI: 10.1186/s13677-024-00606-y. Online publication date: 14-Feb-2024
  • (2024) Dependability in Embedded Systems: A Survey of Fault Tolerance Methods and Software-Based Mitigation Techniques. IEEE Access 12, pp. 180939-180967. DOI: 10.1109/ACCESS.2024.3509633. Online publication date: 2024
  • (2024) Towards a Privacy-Preserving Attestation for Virtualized Networks. Computer Security – ESORICS 2023, pp. 351-370. DOI: 10.1007/978-3-031-51482-1_18. Online publication date: 11-Jan-2024
  • (2023) Cluster Nodes Integrity Attestation and Monitoring Scheme for Confidential Computing Platform. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 740-749. DOI: 10.1109/TrustCom60117.2023.00109. Online publication date: 1-Nov-2023
  • (2021) Remote Attestation of Large-scale Virtual Machines in the Cloud Data Center. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 180-187. DOI: 10.1109/TrustCom53373.2021.00041. Online publication date: Oct-2021
  • (2021) Locally-Centralized Certificate Validation and its Application in Desktop Virtualization Systems. IEEE Transactions on Information Forensics and Security 16, pp. 1380-1395. DOI: 10.1109/TIFS.2020.3035265. Online publication date: 2021
  • (2021) Security and trust preserving inter‐ and intra‐cloud VM migrations. International Journal of Network Management 31:2. DOI: 10.1002/nem.2103. Online publication date: 9-Mar-2021
  • (2020) A study of Secure cryptographic based Hardware security module in a cloud environment. 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pp. 1273-1279. DOI: 10.1109/I-SMAC49090.2020.9243328. Online publication date: 7-Oct-2020
  • (2020) Time-variant attribute-based multitype encryption algorithm for improved cloud data security using user profile. The Journal of Supercomputing. DOI: 10.1007/s11227-019-03118-8. Online publication date: 15-Jan-2020
