Virtualization of the Encryption Card for Trust Access in Cloud Computing

The increasing use of virtualization puts stringent security requirements on software integrity and workload isolation in cloud computing. The encryption card provides hardware cryptographic services for users and is believed to be superior to software cryptography. However, we cannot use the encryption card directly in the user domain because of the complicated virtualization mechanisms and the security problems concerning the user key and the flow of the user's private data. To address these challenges, we propose a new virtualization architecture to ensure the trustworthiness of encryption cards. First, we design a privacy-preserving model to ensure the security of the dynamic scheduling of encryption cards. Second, we present a hardware trust verification procedure based on the trusted platform module to supply a trusted virtualization hardware foundation. Third, we provide a series of security protocols to establish a trusted chain between users and encryption cards. Finally, we give security proofs of the encryption card virtualization architecture. Based on our prototype implementation, the encryption service provided by the encryption card has higher-level security and higher efficiency than software encryption. It provides strong support for the security services of virtualization systems in cloud computing.
