Seeding clouds with trust anchors

Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud-provided VM systems, but customers are worried that such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To give customers assurance that their data processing is protected in the cloud, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs with which customers can verify the integrity and access control enforcement abilities of the cloud platform, which in turn protect the integrity of customers' application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud scale.
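The cloud verifier and proof aggregation described above, as an added toy model that is not the paper's own protocol or code: a verifier checks each host's measurement log against a known-good whitelist and issues one authenticated summary, so a customer verifies one proof for the whole cloud rather than one attestation per host. `KNOWN_GOOD`, `SAMPLE_NODES`, `VERIFIER_KEY` and all function names are constructed for the example, and an HMAC with a shared key stands in for the verifier's digital signature.

```python
import hashlib
import hmac
import json

# Constructed known-good measurements of the host software stack. A real
# cloud verifier would hold a whitelist of many such values (assumption).
KNOWN_GOOD = {"bootloader": hashlib.sha256(b"grub-1.98").hexdigest(),
              "hypervisor": hashlib.sha256(b"xen-4.0").hexdigest()}

# Assumption: an HMAC key shared by verifier and customer stands in for the
# verifier's signing key; a deployment would use a digital signature instead.
VERIFIER_KEY = b"constructed-verifier-key"

# Constructed measurement logs as three hosts might report them; host-b runs
# a hypervisor whose hash is not on the whitelist.
SAMPLE_NODES = {
    "host-a": dict(KNOWN_GOOD),
    "host-b": {**KNOWN_GOOD,
               "hypervisor": hashlib.sha256(b"xen-4.0-modified").hexdigest()},
    "host-c": dict(KNOWN_GOOD),
}

def node_is_trusted(measurements):
    """Per-host check: every measured component must match its known-good hash."""
    return all(measurements.get(c) == h for c, h in KNOWN_GOOD.items())

def canonical_digest(results):
    """Hash of the sorted (host, verdict) list so both sides derive the same value."""
    return hashlib.sha256(json.dumps(sorted(results.items())).encode()).digest()

def aggregate_proof(nodes, key):
    """Cloud verifier: attest every host once, emit one authenticated summary."""
    results = {n: node_is_trusted(m) for n, m in nodes.items()}
    tag = hmac.new(key, canonical_digest(results), hashlib.sha256).hexdigest()
    return {"results": results, "tag": tag}

def customer_check(proof, key, my_host):
    """Customer: verify one MAC over the summary instead of one quote per host,
    then read the verdict for the host running its VM."""
    expected = hmac.new(key, canonical_digest(proof["results"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, proof["tag"]):
        return False  # summary altered in transit or not issued by the verifier
    return bool(proof["results"].get(my_host, False))

if __name__ == "__main__":
    proof = aggregate_proof(SAMPLE_NODES, VERIFIER_KEY)
    for host in SAMPLE_NODES:
        print(host, customer_check(proof, VERIFIER_KEY, host))
```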
