TY - GEN
T1 - Cloud verifier
T2 - 2013 IEEE 9th World Congress on Services, SERVICES 2013
AU - Schiffman, Joshua
AU - Sun, Yuqiong
AU - Vijayakumar, Hayawardh
AU - Jaeger, Trent
PY - 2013
Y1 - 2013
N2 - Cloud computing has commoditized compute, storage, and networking resources, creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platforms' lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof-of-concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.
AB - Cloud computing has commoditized compute, storage, and networking resources, creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platforms' lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof-of-concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.
UR - http://www.scopus.com/inward/record.url?scp=84888066817&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888066817&partnerID=8YFLogxK
U2 - 10.1109/SERVICES.2013.37
DO - 10.1109/SERVICES.2013.37
M3 - Conference contribution
AN - SCOPUS:84888066817
SN - 9780768550244
T3 - Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013
SP - 239
EP - 246
BT - Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013
Y2 - 27 June 2013 through 2 July 2013
ER -