TY - GEN
T1 - Implementing trust in cloud infrastructures
AU - Neisse, Ricardo
AU - Holling, Dominik
AU - Pretschner, Alexander
PY - 2011
Y1 - 2011
N2 - Today's cloud computing infrastructures usually require customers who transfer data into the cloud to trust the providers of the cloud infrastructure. Not every customer is willing to grant this trust without justification. It should be possible to detect that at least the configuration of the cloud infrastructure - as provided in the form of a hypervisor and administrative domain software - has not been changed without the customer's consent. We present a system that enables periodical and necessity-driven integrity measurements and remote attestations of vital parts of cloud computing infrastructures. Building on the analysis of several relevant attack scenarios, our system is implemented on top of the Xen Cloud Platform and makes use of trusted computing technology to provide security guarantees. We evaluate both security and performance of this system. We show how our system attests the integrity of a cloud infrastructure and detects all changes performed by system administrators in a typical software configuration, even in the presence of a simulated denial-of-service attack.
AB - Today's cloud computing infrastructures usually require customers who transfer data into the cloud to trust the providers of the cloud infrastructure. Not every customer is willing to grant this trust without justification. It should be possible to detect that at least the configuration of the cloud infrastructure - as provided in the form of a hypervisor and administrative domain software - has not been changed without the customer's consent. We present a system that enables periodical and necessity-driven integrity measurements and remote attestations of vital parts of cloud computing infrastructures. Building on the analysis of several relevant attack scenarios, our system is implemented on top of the Xen Cloud Platform and makes use of trusted computing technology to provide security guarantees. We evaluate both security and performance of this system. We show how our system attests the integrity of a cloud infrastructure and detects all changes performed by system administrators in a typical software configuration, even in the presence of a simulated denial-of-service attack.
KW - cloud computing
KW - runtime integrity checking
KW - trust
KW - trusted computing
UR - http://www.scopus.com/inward/record.url?scp=79961133763&partnerID=8YFLogxK
U2 - 10.1109/CCGrid.2011.35
DO - 10.1109/CCGrid.2011.35
M3 - Conference contribution
AN - SCOPUS:79961133763
SN - 9780769543956
T3 - Proceedings - 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2011
SP - 524
EP - 533
BT - Proceedings - 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2011
T2 - 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2011
Y2 - 23 May 2011 through 26 May 2011
ER -