AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (2.3 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Trusted Attestation Architecture on an Infrastructure-as-a-Service

Xin JinXingshu Chen( )Cheng ZhaoDandan Zhao
College of Computer Science, Sichuan University, Chengdu 610065, China.
Show Author Information

Abstract

Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing. How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service (IaaS) platform is a problem that must be solved. The IaaS platform provides the Virtual Machine (VM), and the Trusted VM, equipped with a virtual Trusted Platform Module (vTPM), is the foundation of the trusted IaaS platform. We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes, and manage the information centrally on a cloud management platform. The architecture verifies the IaaS’s trusted attestation by apprising the VM, Hypervisor, and host Operating System’s (OS) trusted status. The theory and the technology roadmap were introduced, and the key technologies were analyzed. The key technologies include dynamic measurement of the Hypervisor at the process level, the protection of vTPM instances, the reinforcement of Hypervisor security, and the verification of the IaaS trusted attestation. A prototype was deployed to verify the feasibility of the system. The advantages of the prototype system were compared with the Open CIT (Intel Cloud attestation solution). A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.

References

[1]
Rong C., Nguyen S. T., and Jaatun M. G., Beyond lightning: A survey on security challenges in cloud computing, Computers & Electrical Engineering, vol. 39, no. 3, pp. 47-54, 2013.
[2]
Ryan M. D., Cloud computing security: The scientific challenge, and a survey of solutions, Journal of Systems and Software, vol. 86, no. 9, pp. 2263-2268, 2013.
[3]
Jansen W. and Timothy G., Guidelines on security and privacy in public cloud computing, NIST Special Publication, vol. 800, no. 144, pp. 10-11, 2011.
[4]
Inci M. S., Glmezoglu B., Apecechea G. I., Eisenbarth T., and Sunar B., Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud, IACR Cryptology ePrint Archive, p. 898, 2015.
[5]
Ghazizadeh E., Zamani M., Ab Mana J. L., and Alizadeh M., Trusted computing strengthens cloud authentication, The Scientific World Journal, vol. 2014, p. 260187, 2014.
[6]
Bertholon B., Varrette S., and Bouvry P., Certicloud: A novel TPM-based approach to ensure cloud IAAS security, in 2011 IEEE International Conference on Cloud Computing (CLOUD), 2011.
[7]
Qiang W., Zhang K., Dai W., and Jin H., Secure cryptographic functions via virtualization-based outsourced computing, Concurrency and Computation: Practice and Experience, vol. 28, no. 11, pp. 3149-3163, 2015.
[8]
Santos N., Gummadi K. P., and Rodrigues R., Towards trusted cloud computing, HotCloud, vol. 9, p. 3, 2009.
[9]
Perez R., Sailer R., and van Doorn L., vTPM: Virtualizing the trusted platform module, in Proc. 15th Conf. on USENIX Security Symposium, 2006.
[11]
Chen L., Chen X., Jiang J., Yin X., and Shao G., Research and practice of dynamic network security architecture for IaaS platforms, Tsinghua Science and Technology, vol. 19, no. 5, pp. 496-507. 2014.
[12]
Shen Z. and Tong Q., The security of cloud computing system enabled by trusted computing technology, in 2010 2nd International Conference on Signal Processing Systems (ICSPS), 2010.
[13]
Kivity A., Kamay Y., Laor D., Lublin U., and Liguori A., KVM: The Linux virtual machine monitor, in Proceedings of the Linux Symposium, 2007.
[14]
[15]
Sethi C. and Pradhan S. K., Trusted-Cloud: A cloud security model for Infrastructure-as-a-Service (IaaS), International Journal of Advanced Research in Computer Science and Software Engineering, vol. 6, no. 3, pp. 32-46, 2016.
[16]
Zhang T. and Lee R. B., CloudMonatt: An architecture for security health monitoring and attestation of virtual machines in cloud computing, in 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA), 2015, pp. 362-374.
[17]
Shanmugam U. and Tamilselvan L., Dynamic resource monitoring of SaaS with attestation for a trusted cloud environment, International Journal of Security and Its Applications, vol.10, no. 4, pp. 41-50, 2016.
[18]
Van Hoorn A., Waller J., and Hasselbring W., Kieker: A framework for application performance monitoring and dynamic software analysis, in Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering, 2012, pp. 247-248.
[19]
Varadharajan V. and Tupakula U., Counteracting security attacks in virtual machines in the cloud using property based attestation, Journal of Network and Computer Applications, vol. 40, pp. 31-45, 2014.
[20]
Contractor D., Patel D., and Patel S., Trusted heartbeat framework for cloud computing, Journal of Information Security, vol. 7, no. 3, p.103, 2016.
Tsinghua Science and Technology
Pages 469-478
Cite this article:
Jin X, Chen X, Zhao C, et al. Trusted Attestation Architecture on an Infrastructure-as-a-Service. Tsinghua Science and Technology, 2017, 22(5): 469-478. https://doi.org/10.23919/TST.2017.8030536

609

Views

18

Downloads

4

Crossref

N/A

Web of Science

6

Scopus

3

CSCD

Altmetrics

Received: 01 October 2016
Accepted: 21 October 2016
Published: 11 September 2017
© The author(s) 2017
Return