Dynamic Trustworthiness Verification Mechanism for Trusted Cloud Execution Environment
Author:
Affiliation:

  • Article
  • | |
  • Metrics
  • |
  • Reference [29]
  • |
  • Related [20]
  • |
  • Cited by [1]
  • | |
  • Comments
    Abstract:

    Providing a provable and verifiable execution environment for the tenants is a very important problem in the cloud computing mode. This paper proposes a dynamic trustworthiness verification mechanism for the tenants' virtual execution environment, named TCEE (trusted cloud execution environment), which extends the current trusted chain into virtual machine's architecture stack. It cyclically verifies the trustworthiness of the memory and file systems within the virtual execution environments. TCEE introduces a TTP (trusted third party) to perform the verification and audit action against tenants' virtual machines to avoid heavy involvement of end tenants and unnecessary information leakage of the cloud providers. A prove-of-concept prototype is implemented according to TCEE to evaluate the effectiveness and the performance overhead incurred. Experimental results show that TCEE is effective and its performance overhead is minor.

    Reference
    [1] Chen Y, Paxson V, Katz R. What's new about cloud computing security? Technical Report, UCB/EECS-2010-5, Berkeley: University of California at Berkley, 2010.
    [2] Ko RKL, Jagadpramana P, Mowbray M, Pearson S, Kirchberg M, Liang QH, Lee BS. TrustCloud: A framework for accountability and trust in cloud computing. In: Proc. of the 2nd IEEE World Congress on Services. 2011. 584-588. [doi: 10.1109/SERVICES. 2011.91]
    [3] Jansen W, Grance T. Guidelines on Security and Privacy in Public Cloud Computing. NIST, 2011.
    [4] Marco S. BlackHat presentation demo vids: Amazon, part 4 of 5, AMIBomb. 2009. http://www.sensepost.com/blog/3797.html
    [5] Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I, Zaharia M. Above the clouds: A Berkeley view of cloud computing. Technical Report, UCB/EECS-2009-28, Berkeley: University of California at Berkley, 2009.
    [6] Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D. TVDc: Managing security in the trusted virtual datacenter. ACM SIGOPS Operating Systems Review, 2008,42(1):40-47. [doi: 10.1145/1341312.1341321]
    [7] Jinesh V. Migrating your existing applications to the AWS cloud. 2010. http://www.Amazon.com
    [8] Butler B. Eucalyptus: We're the amazon of private cloud companies. IDG Technical Report, 2012.
    [9] Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, van Doorn L. vTPM: Virtualizing the trusted platform module. In: Proc. of the 15th Conf. on USENIX Security Symp. 2006. 305-320.
    [10] Trusted Computing Group. TCG Software Stack (TSS) Specification—Version 1.2 Golden. 2007.
    [11] OpenPTS. http://sourceforge.jp/projects/openpts
    [12] Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D. Terra: A virtual machine based platform for trusted computing. In: Proc. of the 9th ACM Symp. on Operating Systems Principles. New York: ACM Press, 2003. 193-206. [doi: 10.1145/1165389.945464]
    [13] Cheng G, Jin H, Zou DQ, Zhang XW. Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing. Concurrency and Computation: Practice and Experience, 2010,22(9):1893-1910. [doi: 10.1002/cpe. 1614]
    [14] Khan I, Rehman H, Anwar Z. Design and deployment of a trusted eucalyptus cloud. In: Proc. of the IEEE Int'l Conf. on Cloud Computing. Washington: IEEE, 2011. 380-387. [doi: 10.1109/CLOUD.2011.105]
    [15] Krautheim FJ. Private virtual infrastructure for cloud computing. In: Proc. of the 2009 Conf. on Hot Topics in Cloud Computing. USENIX Association, 2009.
    [16] England P, Loeser J. Para-Virtualized TPM sharing. In: Proc. of the 1st Int'l Conf. on Trusted Computing and Trust in Information Technologies. 2008. 119-132.
    [17] Kursawe K, Schellekens D. Flexible uTPMs through disembedding. In: Proc. of the ACM Symp. on Information, Computer and Communications Security. 2009. 116-124.
    [18] Stumpf F, Eckert C. Enhancing trusted platform modules with hardware-based virtualization techniques. In: Proc. of the 2nd Int'l Conf. on Emerging Security Information, Systems and Technologies. 2008. 1-9.
    [19] Liu ZW, Feng DG. TPM-Based dynamic integrity measurement architecture. Journal of Electronics & Information Technology, 2010,32(4):875-879. [doi: 10.3724/SP.J.1146.2009.00408]
    [20] Bertholon B, Varrette S, Bouvry P. CERTICLOUD_a novel TPM-based approach to ensure cloud IaaS security. In: Proc. of the 4th Int'l Conf. on Cloud Computing. 2011. 1-8.
    [21] http://news.drweb.com/show/?i=2679&lng=en&c=14
    [22] http://www.enye-sec.org
    [23] IOzone. http://www.iozone.org/
    [24] http://www.tux.org/~mayer/linux/bmark.html
    [25] https://communities.netapp.com
    [26] Llanos DR. TPCC-UVa: An open-source TPC-C implementation for global performance measurement of computer systems. SIGMOD Record, 2006,35(4):6-15. [doi: 10.1145/1228268.1228270]
    [27] Reiner S, Zhang XL, Trent J, Sailer R, Zhang XL, Jaeger T, van Doorn L. Design and implementation of a TCG-based integrity measurement architecture. In: Proc. of the USENIX Security Symp. 2004.
    [28] Mario S, Stamer H. A software-based trusted platform module emulator. In: Proc. of the Trusted Computing-Challenges and Applications. Berlin, Heidelberg: Springer-Verlag, 2008. 33-47. [doi: 10.1007/978-3-540-68979-9_3]
    [29] Trusted Computing Group. http://www.trustedcomputinggroup.org
    Comments
    Comments
    分享到微博
    Submit
Get Citation

刘川意,林杰,唐博.面向云计算模式运行环境可信性动态验证机制.软件学报,2014,25(3):662-674

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:February 07,2013
  • Revised:June 21,2013
  • Online: July 25,2013
You are the first2032338Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063