Dynamic Trustworthiness Verification Mechanism for Trusted Cloud Execution Environment

doi:10.13328/j.cnki.jos.004447

微信服务号

微信订阅号

2025-4-3- 17

Home > Archive>Volume 25, Issue 3, 2014 >662-674. DOI:10.13328/j.cnki.jos.004447

PDF HTML XML Export Cite reminder

Dynamic Trustworthiness Verification Mechanism for Trusted Cloud Execution Environment
DOI:
                        10.13328/j.cnki.jos.004447
                    
Author:
                        LIU Chuan-YiLIU Chuan-Yi
Software School, Beijing University of Posts and Telecommunications, Beijing 100876, China;Key Laboratory of Trustworthy Distributed Computing and Service BUPT, Ministry of Education, Beijing 100876, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
LIN JieLIN Jie
School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China;Key Laboratory of Trustworthy Distributed Computing and Service BUPT, Ministry of Education, Beijing 100876, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
TANG BoTANG Bo
Department of IT Construction, Postal Savings Bank of China, Beijing 100808, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site

                    
Affiliation:
Clc Number:
Fund Project:

Article

Figures

Metrics

Reference [29]

Related [20]

Cited by [1]

Materials

Comments

Abstract:

Providing a provable and verifiable execution environment for the tenants is a very important problem in the cloud computing mode. This paper proposes a dynamic trustworthiness verification mechanism for the tenants' virtual execution environment, named TCEE (trusted cloud execution environment), which extends the current trusted chain into virtual machine's architecture stack. It cyclically verifies the trustworthiness of the memory and file systems within the virtual execution environments. TCEE introduces a TTP (trusted third party) to perform the verification and audit action against tenants' virtual machines to avoid heavy involvement of end tenants and unnecessary information leakage of the cloud providers. A prove-of-concept prototype is implemented according to TCEE to evaluate the effectiveness and the performance overhead incurred. Experimental results show that TCEE is effective and its performance overhead is minor.

Key words:cloud computing;trustworthiness verification;trusted computing;trusted platform module

Reference

[1] Chen Y, Paxson V, Katz R. What's new about cloud computing security? Technical Report, UCB/EECS-2010-5, Berkeley: University of California at Berkley, 2010.

[2] Ko RKL, Jagadpramana P, Mowbray M, Pearson S, Kirchberg M, Liang QH, Lee BS. TrustCloud: A framework for accountability and trust in cloud computing. In: Proc. of the 2nd IEEE World Congress on Services. 2011. 584-588. [doi: 10.1109/SERVICES. 2011.91]

[3] Jansen W, Grance T. Guidelines on Security and Privacy in Public Cloud Computing. NIST, 2011.

[4] Marco S. BlackHat presentation demo vids: Amazon, part 4 of 5, AMIBomb. 2009. http://www.sensepost.com/blog/3797.html

[5] Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I, Zaharia M. Above the clouds: A Berkeley view of cloud computing. Technical Report, UCB/EECS-2009-28, Berkeley: University of California at Berkley, 2009.

[6] Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D. TVDc: Managing security in the trusted virtual datacenter. ACM SIGOPS Operating Systems Review, 2008,42(1):40-47. [doi: 10.1145/1341312.1341321]

[7] Jinesh V. Migrating your existing applications to the AWS cloud. 2010. http://www.Amazon.com

[8] Butler B. Eucalyptus: We're the amazon of private cloud companies. IDG Technical Report, 2012.

[9] Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, van Doorn L. vTPM: Virtualizing the trusted platform module. In: Proc. of the 15th Conf. on USENIX Security Symp. 2006. 305-320.

[10] Trusted Computing Group. TCG Software Stack (TSS) Specification—Version 1.2 Golden. 2007.

[11] OpenPTS. http://sourceforge.jp/projects/openpts

[12] Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D. Terra: A virtual machine based platform for trusted computing. In: Proc. of the 9th ACM Symp. on Operating Systems Principles. New York: ACM Press, 2003. 193-206. [doi: 10.1145/1165389.945464]

[13] Cheng G, Jin H, Zou DQ, Zhang XW. Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing. Concurrency and Computation: Practice and Experience, 2010,22(9):1893-1910. [doi: 10.1002/cpe. 1614]

[14] Khan I, Rehman H, Anwar Z. Design and deployment of a trusted eucalyptus cloud. In: Proc. of the IEEE Int'l Conf. on Cloud Computing. Washington: IEEE, 2011. 380-387. [doi: 10.1109/CLOUD.2011.105]

[15] Krautheim FJ. Private virtual infrastructure for cloud computing. In: Proc. of the 2009 Conf. on Hot Topics in Cloud Computing. USENIX Association, 2009.

[16] England P, Loeser J. Para-Virtualized TPM sharing. In: Proc. of the 1st Int'l Conf. on Trusted Computing and Trust in Information Technologies. 2008. 119-132.

[17] Kursawe K, Schellekens D. Flexible uTPMs through disembedding. In: Proc. of the ACM Symp. on Information, Computer and Communications Security. 2009. 116-124.

[18] Stumpf F, Eckert C. Enhancing trusted platform modules with hardware-based virtualization techniques. In: Proc. of the 2nd Int'l Conf. on Emerging Security Information, Systems and Technologies. 2008. 1-9.

[19] Liu ZW, Feng DG. TPM-Based dynamic integrity measurement architecture. Journal of Electronics & Information Technology, 2010,32(4):875-879. [doi: 10.3724/SP.J.1146.2009.00408]

[20] Bertholon B, Varrette S, Bouvry P. CERTICLOUD_a novel TPM-based approach to ensure cloud IaaS security. In: Proc. of the 4th Int'l Conf. on Cloud Computing. 2011. 1-8.

[21] http://news.drweb.com/show/?i=2679&lng=en&c=14

[22] http://www.enye-sec.org

[23] IOzone. http://www.iozone.org/

[24] http://www.tux.org/~mayer/linux/bmark.html

[25] https://communities.netapp.com

[26] Llanos DR. TPCC-UVa: An open-source TPC-C implementation for global performance measurement of computer systems. SIGMOD Record, 2006,35(4):6-15. [doi: 10.1145/1228268.1228270]

[27] Reiner S, Zhang XL, Trent J, Sailer R, Zhang XL, Jaeger T, van Doorn L. Design and implementation of a TCG-based integrity measurement architecture. In: Proc. of the USENIX Security Symp. 2004.

[28] Mario S, Stamer H. A software-based trusted platform module emulator. In: Proc. of the Trusted Computing-Challenges and Applications. Berlin, Heidelberg: Springer-Verlag, 2008. 33-47. [doi: 10.1007/978-3-540-68979-9_3]

[29] Trusted Computing Group. http://www.trustedcomputinggroup.org

Get Citation

刘川意,林杰,唐博.面向云计算模式运行环境可信性动态验证机制.软件学报,2014,25(3):662-674

Copy

Article Metrics

Abstract:
PDF:
HTML:
Cited by:

History

Received:February 07,2013
Revised:June 21,2013
Adopted:
Online: July 25,2013
Published:

You are the first2032338Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address：4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code：100190
Phone：010-62562563 Fax：010-62562533 Email：jos@iscas.ac.cn
Technical Support：Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063

微信服务号

微信订阅号

Get Citation

Share

微信扫一扫：分享

Article Metrics

History