Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments

Authors

  • Nicolae Paladi
  • Christian Gehrmann
  • Mudassar Aslam
  • Fredric Morenius
Abstract

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies; however, their faster-paced adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing a revived interest as a security mechanism for IaaS. We address the lack of an implementable mechanism to ensure the launch of a virtual machine (VM) instance on a trusted remote host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for generic VM images in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.


Similar resources

Trusted Launch of Virtual Machine Instances in Public IaaS Environments

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host....


Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud - An Enterprise's Perspective

In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contr...


Trusted Computing and Secure Virtualization in Cloud Computing Master Thesis

Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the C...


A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain

In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. However, in the case of privacy protection, how to ensure the security of files in the user virtual machine and the user virtual machine’s behavior does not affect other virtual machines; it is a major challenge. This paper presents a trusted measurement model based on dynamic policy and...


Towards Trusted Cloud Computing

Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. However, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation. To address this problem we propose the design of a trusted cloud computing platform (TCCP). TCCP enables Infrastructure as a Service (IaaS) providers...




Publication date: 2012