Cloud Verifier: Verifiable Auditing Service for IaaS Clouds

Authors: Joshua Schiffman, Yuqiong Sun, Hayawardh Vijayakumar, Trent Jaeger

DOI: 10.1109/SERVICES.2013.37

Keywords:

Abstract: Cloud computing has commoditized compute, storage, and networking resources, creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by the cloud platform's lack of transparency, which leaves customers unsure whether their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee they could obtain if they were running in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that lets cloud vendors configure and provide monitoring services that validate that a customer's instances are configured and run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer, through the cloud platform, to the hosted virtual machine (VM) instances, enabling it to check customer-specified requirements against a comprehensive view of both a VM's load-time and run-time properties. In addition, the CV enables more responsive remediation than traditional attestation mechanisms. We built a proof-of-concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV can monitor over 20,000 simultaneous VM instances for numerous properties with little impact on application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.
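The two steps the abstract describes, establishing a chain of trust to a VM's reported state and then checking customer-specified load-time and run-time requirements against it, as a toy model in Python. This is an added example, not the CV paper's code or protocol: it assumes the platform hands the verifier an attested TPM-style PCR value together with the measurement log that produced it, plus periodically collected run-time properties; the Report and Requirements formats, component names, digests and run-time keys are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable

PCR_INIT = bytes(32)  # TPM PCRs start at all zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || measurement)."""
    return sha256(pcr + measurement)


def replay_log(load_log: list[tuple[str, bytes]]) -> bytes:
    """Recompute the PCR that a measurement log claims to have produced."""
    pcr = PCR_INIT
    for _, digest in load_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


@dataclass
class Report:
    """What the platform reports about one VM (hypothetical format)."""
    instance_id: str
    pcr: bytes                         # attested value, assumed signed by the platform
    load_log: list[tuple[str, bytes]]  # (component, digest) in measurement order
    runtime: dict                      # periodically collected run-time properties


@dataclass
class Requirements:
    """Customer-specified requirements (hypothetical format)."""
    allowed: dict[str, set[bytes]]     # component -> acceptable digests
    required: set[str]                 # components that must appear in the log
    runtime_checks: dict[str, Callable[[object], bool]]


def verify(report: Report, reqs: Requirements) -> list[str]:
    """Return findings; an empty list means the VM meets the requirements."""
    findings: list[str] = []
    # 1. Chain of trust: if the log cannot reproduce the attested PCR, nothing
    #    else in the report can be believed, so stop here.
    if replay_log(report.load_log) != report.pcr:
        return ["measurement log does not reproduce attested PCR; report rejected"]
    # 2. Load-time properties: every measured component must be known and allowed,
    #    and every required component must have been measured.
    measured: set[str] = set()
    for component, digest in report.load_log:
        measured.add(component)
        allowed = reqs.allowed.get(component)
        if allowed is None:
            findings.append(f"unexpected component measured: {component}")
        elif digest not in allowed:
            findings.append(f"{component}: digest {digest.hex()[:16]}... not allowed")
    for component in sorted(reqs.required - measured):
        findings.append(f"required component never measured: {component}")
    # 3. Run-time properties: each customer predicate must hold on the reported value.
    for key, predicate in reqs.runtime_checks.items():
        value = report.runtime.get(key)
        if not predicate(value):
            findings.append(f"run-time property {key}={value!r} violates requirement")
    return findings


# Constructed sample data: digests of made-up strings standing in for real binaries.
KERNEL_OK = sha256(b"constructed: vmlinuz-5.15.0 (approved)")
INITRD_OK = sha256(b"constructed: initrd.img-5.15.0 (approved)")
AGENT_OK = sha256(b"constructed: cv-agent (approved)")
KERNEL_BAD = sha256(b"constructed: vmlinuz-5.15.0 (backdoored)")
CLEAN_LOG = [("kernel", KERNEL_OK), ("initrd", INITRD_OK), ("cv-agent", AGENT_OK)]


def customer_requirements() -> Requirements:
    return Requirements(
        allowed={"kernel": {KERNEL_OK}, "initrd": {INITRD_OK}, "cv-agent": {AGENT_OK}},
        required={"kernel", "initrd", "cv-agent"},
        runtime_checks={
            "permit_root_login": lambda v: v == "no",
            "listening_ports": lambda v: v is not None and set(v) <= {22, 443},
        },
    )


def make_report(load_log, runtime, pcr=None) -> Report:
    """Build a report whose PCR matches its log unless a different PCR is forced."""
    return Report("i-constructed-01", replay_log(load_log) if pcr is None else pcr, load_log, runtime)


def compliant_report() -> Report:
    return make_report(CLEAN_LOG, {"permit_root_login": "no", "listening_ports": [22, 443]})


def forged_log_report() -> Report:
    """A bad kernel was booted, then the log was rewritten to look clean; the PCR exposes it."""
    real_log = [("kernel", KERNEL_BAD), ("initrd", INITRD_OK), ("cv-agent", AGENT_OK)]
    return make_report(CLEAN_LOG, {"permit_root_login": "no", "listening_ports": [22]}, pcr=replay_log(real_log))


def drifted_report() -> Report:
    """Clean boot, but run-time configuration later drifted from the requirements."""
    return make_report(CLEAN_LOG, {"permit_root_login": "yes", "listening_ports": [22, 8080]})


if __name__ == "__main__":
    reqs = customer_requirements()
    for r in (compliant_report(), forged_log_report(), drifted_report()):
        print(r.instance_id, verify(r, reqs) or ["OK"])
```

The ordering matters: the PCR replay is done first because a report whose log does not match its attested register is worthless as evidence, and the load-time and run-time checks only mean something once that link in the chain holds. The run-time predicates are where the "responsive remediation" angle lives in practice, since they can be re-evaluated on every periodic report rather than only at boot.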

References (21)
Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono. All your clouds are belong to us. Proceedings of the 3rd ACM Workshop on Cloud Computing Security (CCSW '11), pp. 3-14 (2011). DOI: 10.1145/2046660.2046664
Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, Hiroshi Isozaki. Flicker: an execution infrastructure for TCB minimization. European Conference on Computer Systems (EuroSys), vol. 42, pp. 315-328 (2008). DOI: 10.1145/1352592.1352625
Joshua Schiffman, Thomas Moyer, Trent Jaeger, Patrick McDaniel. Network-Based Root of Trust for Installation. IEEE Security & Privacy, vol. 9, pp. 40-48 (2011). DOI: 10.1109/MSP.2011.15
Dawn Cappelli, Michelle Keeney, Timothy Shimeall, Andrew Moore, Eileen Kowalski, Stephanie Rogers. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (2005).
Monirul I. Sharif, Wenke Lee, Weidong Cui, Andrea Lanzi. Secure in-VM monitoring using hardware virtualization. ACM Conference on Computer and Communications Security (CCS), pp. 477-487 (2009). DOI: 10.1145/1653662.1653720
Max Joseph Guise, Jeremy Daniel Wendt. Trusted Execution Technology. Sandia Report (2011).
Thomas Morris. Trusted Platform Module. Encyclopedia of Cryptography and Security (2nd ed.), pp. 1332-1335 (2011).
Joshua Schiffman, Hayawardh Vijayakumar, Trent Jaeger. Verifying system integrity by proxy. Trust and Trustworthy Computing (TRUST), pp. 179-200 (2012). DOI: 10.1007/978-3-642-30921-2_11
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (NDSS) (2003).