In this chapter, we focus on software architectures for self-protection in IaaS clouds. IaaS clouds, especially hybrid clouds, are becoming increasingly popular because developers and enterprises need to dynamically increase or decrease their use of computing resources to adapt quickly to market forces and customer demands, reduce costs, and increase fault tolerance. However, enterprise adoption of public IaaS and hybrid clouds is slower than expected because current hybrid cloud infrastructures do not provide scalable and efficient mechanisms to (i) prevent software tampering and configuration errors and ensure the trustworthiness and integrity of the software stack executing a hybrid application workload, or (ii) enforce governmental privacy and audit regulations by ensuring that remote data and computation do not cross specified geographic boundaries. We discuss recent research on integrating intrusion detection systems in IaaS infrastructures, as well as hardware-rooted integrity verification and geographic fencing, to address these concerns.