Experiences in Trusted Cloud Computing (original) (raw)

Related papers

Towards Trusted Cloud Computing

Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. However, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation.

myTrustedCloud: Trusted Cloud Infrastructure for Security-critical Computation and Data Managment

Cloud Computing provides an optimal infrastructure to utilise and share both computational and data resources whilst allowing a pay-per-use model, useful to cost-effectively manage hardware investment or to maximise its utilisation. Cloud Computing also offers transitory access to scalable amounts of computational resources, something that is particularly important due to the time and financial constraints of many user communities. The growing number of communities that are adopting large public cloud resources such as Amazon Web Services [1] or Microsoft Azure [2] proves the success and hence usefulness of the Cloud Computing paradigm. Nonetheless, the typical use cases for public clouds involve non-business critical applications, particularly where issues around security of utilization of applications or deposited data within shared public services are binding requisites. In this paper, a use case is presented illustrating how the integration of Trusted Computing technologies into an available cloud infrastructure – Eucalyptus – allows the security-critical energy industry to exploit the flexibility and potential economical benefits of the Cloud Computing paradigm for their business-critical applications.

TREASURE: Trust Enhanced Security for Cloud Environments

Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for realization of trusted platforms. Recently several TPM attestation techniques such as binary attestation and property based attestation techniques have been proposed but there are some fundamental issues that need to be addressed for using these techniques in practice. In this paper we consider an architecture where different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). Then we consider an attacker model that is specific to the cloud and some of the challenges with the current TPM based attestation techniques. We will also propose a novel trust enhanced security model for cloud which overcomes the challenges with the current TPM based attestation techniques and efficiently deals with the attacks in the cloud. In our model, the cloud service provider is used as the Certification Authority (CA) for the tenant virtual machines. The CA only certifies the basic security properties which are the assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties. Since the tenant virtual machines are running on the cloud service provider infrastructure, it is aware of the dynamic changes to the tenant virtual machine. The CA can terminate the ongoing transactions and/or dynamically isolate the tenant virtual machine if there is a variation in the behaviour of the tenant virtual machine from the certified properties. Hence our model can be used to address the challenges with the current TPM based attestation techniques and efficiently deal with the attacks in the cloud. We will present implementation of our model on Xen and how it deals with the attacks in different attack case scenarios. We will also show that our model is beneficial for the cloud service providers, tenants and tenant customers.

Trust Based Security for Cloud Systems

Even though Security, Privacy and Trust issues exists since the evolution of Internet, the reason why they are widely spoken these days is because of the Cloud Computing scenario. Any client/small organization/enterprise that processes data in the cloud is subjected to an inherent level of risk because outsourced services bypass the "physical, logical and personnel controls" of the user [1]. When storing data on cloud, one might want to make sure if the data is correctly stored and can be retrieved later. As the amount of data stored by the cloud for a client can be enormous, it is impractical (and might also be very costly) to retrieve all the data, if one's purpose is just to make sure that it is stored correctly. Hence there is a need to provide such guarantees to a client.

The Trusted Computing Exemplar project

2004

We describe the Trusted Computing Exemplar project, which is producing an openly distributed worked example of how high assurance trusted computing components can be built. The TCX project encompasses four related activities: Creation of a prototype framework for rapid high assurance system development; Development of a reference-implementation trusted computing component; Evaluation of the component for high assurance; and Open dissemination of results related to the first three activities. The project's open development methodology will provide widespread availability of key high assurance enabling technologies and ensure transfer of knowledge and capabilities for trusted computing to the next generation of developers, evaluators and educators.

Digital Trust - Trusted Computing and Beyond A Position Paper

The 7th IEEE International Symposium on Security, Privacy and Anonymity in Internet of Things (IEEE SpaIoT 2014) in conjunction with The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14), 2014

Along with the invention of computers and interconnected networks, physical societal notions like security, trust, and privacy entered the digital environment. The concept of digital environments begins with the trust (established in the real world) in the organisation/individual that manages the digital resources. This concept evolved to deal with the rapid growth of the Internet, where it became impractical for entities to have prior offline (real world) trust. The evolution of digital trust took diverse approaches and now trust is defined and understood differently across heterogeneous domains. This paper looks at digital trust from the point of view of security and examines how valid trust approaches from other domains are now making their way into secure computing. The paper also revisits and analyses the Trusted Platform Module (TPM) along with associated technologies and their relevance in the changing landscape. We especially focus on the domains of cloud computing, mobile computing and cyber-physical systems. In addition, the paper also explores our proposals that are competing with and extending the traditional functionality of TPM specifications.

Seeding the Cloud: An Innovative Approach to Grow Trust in Cloud Based Infrastructures

Lecture Notes in Computer Science, 2013

Complying with security and privacy requirements of appliances such as mobile handsets, personal computers, servers for customers, enterprises and governments is mandatory to prevent from theft of sensitive data and to preserve their integrity. Nowadays, with the rising of the Cloud Computing approach in business fields, security and privacy are even more critical. The aim of this article is then to propose a way to build a secure and trustable Cloud. The idea is to spread and embed Secure Elements (SE) on each level of the Cloud in order to make a wide trusted infrastructure which complies with access control and isolation policies. This article presents therefore this new approach of trusted Cloud infrastructure based on a Network of Secure Elements (NoSE), and it illustrates this approach through different use cases.

Challenges for Trusted Computing

IEEE Security & Privacy Magazine, 2000

This article identifies and discusses some of the key challenges that need to be addressed if the vision of Trusted Computing is to become reality. Topics addressed include issues with setting up and maintaining the PKI required to support the full set of Trusted Computing functionality, the practical use and verification of attestation evidence, and backwards compatibility, usability and compliance issues.

Trusted System In Cloud Environment

2013

Abstract- Cloud security has gained increasingly emphasis in the research community, with much focus primary concentrated on how to secure the operation system and virtual machine on which cloud system runs on. A trust management system will match the service providers and the customers based on the requirements and offerings. In this paper, we proposed a new method to build a secure and trusted computing system for cloud environment. It includes s om e ip r t ancuity vic s, nc lud g h ti, fi dtyintegrity, are provided in cloud computing system. Keywords -- Cl oud C mp ti ng, IaaS, Tr sted System, Trusted Computing Group, C putiplatform. I. Introduction With the development in networking technology and the increasing need for computing resources, many companies have been prompted to outsource their storage and computing needs. This new economic computing model is commonly regarded as cloud computing [1]. Cloud computing provides a facility that enable large scale control sharing and...

TrustCloud: A Framework for Accountability and Trust in Cloud Computing

The key barrier to widespread uptake of cloud computing is the lack of trust in clouds by potential customers. While preventive controls for security and privacy are actively researched, there is still little focus on detective controls related to cloud accountability and auditability. The complexity resulting from large-scale virtualization and data distribution carried out in current clouds has revealed an urgent research agenda for cloud accountability, as has the shift in focus of customer concerns from servers to data. This paper discusses key issues and challenges in achieving a trusted cloud through the use of detective controls, and presents the TrustCloud framework, which addresses accountability in cloud computing via technical and policy-based approaches.