eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology

Today cloud computing is widely used across many industries. While benefiting from the services the cloud provides, users also face security issues such as information leakage and data tampering. Using trusted computing technology to strengthen the cloud's security mechanisms, an approach known as trusted cloud, has become an active research topic in cloud security. Currently, the virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, existing vTPM schemes lack protection for the vTPM itself in its runtime environment. This paper proposes a novel scheme that designs a new trusted cloud platform security component, the enclave TPM (eTPM), to protect the cloud, and employs Intel SGX to enhance the security of the eTPM. The eTPM is a software component that emulates the TPM functions used to build trust and security in the cloud, and it runs inside an enclave, the isolated memory region introduced by SGX. The eTPM can thereby ensure its own security at runtime and protect the integrity of virtual machines (VMs) according to user-specific policies. Finally, a prototype of the eTPM scheme was implemented, and experiments demonstrated its effectiveness, security, and availability.
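To make the VM-integrity check concrete, the following added example (not code from the paper or its prototype) models the TPM-style PCR extend chain an eTPM would emulate and evaluates a user-specific policy against it; the component byte strings, the single SHA-256 PCR bank and the policy format are constructed assumptions, and the SGX enclave isolation itself is not modelled.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR bank (assumption for this illustration)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_vm(components) -> bytes:
    """Extend a zeroed PCR with each VM component in boot order.

    Because extend chains the hashes, the final value depends on both the
    content and the order of every component, so any change is detectable.
    """
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def build_policy(golden_components) -> dict:
    """User-specific policy: the PCR value a correctly provisioned VM must reach."""
    return {"expected_pcr": measure_vm(golden_components).hex()}


def check_integrity(policy: dict, components) -> bool:
    """Verdict an eTPM would report for a VM against its owner's policy."""
    return measure_vm(components).hex() == policy["expected_pcr"]


# Constructed sample VM images (stand-ins for bootloader, kernel, initrd bytes).
GOOD_VM = [b"bootloader-v1", b"kernel-5.10", b"initrd-golden"]
TAMPERED_VM = [b"bootloader-v1", b"kernel-5.10-modified", b"initrd-golden"]
REORDERED_VM = [b"kernel-5.10", b"bootloader-v1", b"initrd-golden"]

# The VM owner derives the policy from the known-good image set.
USER_POLICY = build_policy(GOOD_VM)

if __name__ == "__main__":
    for name, vm in [("good", GOOD_VM), ("tampered", TAMPERED_VM),
                     ("reordered", REORDERED_VM)]:
        print(f"{name:9s} -> integrity ok: {check_integrity(USER_POLICY, vm)}")
```

Only the unmodified image set in the original order reproduces the expected PCR; a changed component or a changed boot order both fail the policy check.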
