TapCon: Practical Third-Party Attestation for the Cloud
نویسندگان
چکیده
One way to establish trust in a service is to know what code it is running. However, verified code identity is currently not possible for programs launched on a cloud by another party. We propose an approach to integrate support for code attestation—authenticated statements of code identity—into layered cloud platforms and services. To illustrate, this paper describes TapCon, an attesting container manager that provides source-based attestation and network-based authentication for containers on a trusted cloud platform incorporating new features for code attestation. TapCon allows a third party to verify that an attested container is running specific code bound securely to an identified source repository. We also show how to use attested code identity as a basis for access control. This structure enables new use cases such as joint data mining, in which two data owners agree on a safe analytics program that protects the privacy of their inputs, and then ensure that only the designated program can access their data.
منابع مشابه
Practical Third-Party Attestation for the Cloud
Central to establishing trust in a service is knowing what code is running. On a single host, this can be ensured by locally downloading and compiling code, including the operating system image. However, this is not possible for programs that are run by another party: even if the source code is known and available to a client, she cannot verify that a service is actually running that trusted co...
متن کاملPoster: Forcing the Cloud to Forget by Attesting Data Deletion
Cloud computing requires that data is given to a third party with an unknown IT infrastructure for a specific purpose. Consequently, this raises numerous questions regarding the control over the data: how can be ensured that the data is used for a specific purpose and only for that purpose. There are several solutions for a predefined purpose such as storing data [7], [1] or for more general pu...
متن کاملCounteracting security attacks in virtual machines in the cloud using property based attestation
Cloud computing technologies are receiving a great deal of attention. Furthermore most of the hardware devices such as the PCs and mobile phones are increasingly having a trusted component called Trusted Platform Module embedded in them, which helps to measure the state of the platform and hence reason about its trust. Recently attestation techniques such as binary attestation and property base...
متن کاملProperty-Based Attestation without a Trusted Third Party
The Trusted Computing Group (TCG) has proposed the binary attestation mechanism that enables a computing platform with a dedicated security chip, the Trusted Platform Module (TPM), to report its state to remote parties. The concept of property-based attestation (PBA) improves the binary attestation and compensates for some of its main deficiencies. In particular, PBA enhances user privacy by al...
متن کاملERASMUS: Efficient Remote Attestation via Self- Measurement for Unattended Settings
Remote attestation (RA) is a popular means of detecting malware in embedded and IoT devices. RA is usually realized as an interactive protocol, whereby a trusted party – verifier – measures integrity of a potentially compromised remote device – prover. Early work focused on purely softwarebased and fully hardware-based techniques, neither of which is ideal for low-end devices. More recent resul...
متن کامل