Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds

Authors

  • Nicolae Paladi
  • Christian Gehrmann
  • Fredric Morenius
Abstract

Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demonstrated that neither is impeccable. In this paper we introduce Domain-Based Storage Protection (DBSP), a data confidentiality and integrity protection mechanism for IaaS environments, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We describe the building blocks of this mechanism and provide a set of detailed protocols for generation and handling of keys for confidentiality and integrity protection of data stored by guest VM instances. The protocols assume an untrusted IaaS provider and aim to prevent both malicious and accidental faulty configurations that could lead to breach of data confidentiality and integrity in IaaS deployments.

Similar resources

HVX: Virtualizing the Cloud

Nowadays there is significant diversity in Infrastructure as a Service (IaaS) clouds. The differences span from virtualization technology and hypervisors, through storage and network configuration, to the cloud management APIs. These differences make migration of a VM (or a set of VMs) from a private cloud into a public cloud, or between different public clouds, complicated or even impractical ...

Untersuchung und Entwicklung von Cloud-Computing-Diensten als Grundlage zur Schaffung eines Marktplatzes

This thesis evaluates and develops, where this is needed and possible, the technical principles of a cloud marketplace. These basic principles are infrastructure services for managing and provisioning computational power, persistent storage and (virtual) network resources. Furthermore tools are needed to integrate the resources in the form of services and provide the customers a uniform user in...

Secure Hardware-Based Public Cloud Storage

The storage of data on remote systems such as the public cloud opens new challenges in the field of data protection and security of the stored files. One possible solution for meeting these challenges is the encryption of the data at the local device, e.g. desktop, tablet, or smartphone, prior to the data transfer to the remote cloud-based storage. However, this approach bears additional challe...

Solution Profile for Lowest TCO and Maximum Agility Choose VMware Cloud Foundation, the SDDC Platform for Hybrid Clouds

The race is on at full speed. What race? The race to bring public cloud agility and economics to a data center near you. Ever since the first integrated systems came onto the scene in 2010, vendors have been furiously engineering solutions to make on-premises infrastructure as cost effective and as easy to use as the public cloud, while also providing the security, availability, and control tha...

Identity-based remote data possession checking in public clouds

Checking remote data possession is of crucial importance in public cloud storage. It enables the users to check that their outsourced data have been kept intact without downloading the original data. The existing remote data possession checking (RDPC) protocols have been designed in the PKI (public key infrastructure) setting. The cloud server has to validate the users’ certificates before stor...

Publication date: 2013