TY - GEN
T1 - Seeding clouds with trust anchors
AU - Schiffman, Joshua
AU - Moyer, Thomas
AU - Vijayakumar, Hayawardh
AU - Jaeger, Trent
AU - McDaniel, Patrick
PY - 2010
Y1 - 2010
N2 - Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.
AB - Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.
UR - http://www.scopus.com/inward/record.url?scp=78650083239&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650083239&partnerID=8YFLogxK
U2 - 10.1145/1866835.1866843
DO - 10.1145/1866835.1866843
M3 - Conference contribution
AN - SCOPUS:78650083239
SN - 9781450300896
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 43
EP - 48
BT - Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10
T2 - 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10
Y2 - 4 October 2010 through 8 October 2010
ER -