Seeding clouds with trust anchors

Joshua Schiffman, Thomas Moyer, Hayawardh Vijayakumar, Trent Jaeger, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

88 Scopus citations

Abstract

Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.

Original languageEnglish (US)
Title of host publicationProceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10
Pages43-48
Number of pages6
DOIs
StatePublished - 2010
Event2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10 - Chicago, IL, United States
Duration: Oct 4 2010Oct 8 2010

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2010 ACM Workshop on Cloud Computing Security Workshop, CCSW '10, Co-located with CCS'10
Country/TerritoryUnited States
CityChicago, IL
Period10/4/1010/8/10

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Seeding clouds with trust anchors'. Together they form a unique fingerprint.

Cite this