Software Architectures for Self-protection in IaaS Clouds
In this chapter, we focus on software architectures for self-protection in IaaS clouds. IaaS clouds, especially hybrid clouds, are becoming increasingly popular because developers and enterprises need to dynamically increase or decrease their use of computing resources to adapt quickly to market forces and customer demands, reduce costs, and increase fault tolerance. However, enterprise adoption of public IaaS and hybrid clouds is slower than expected because current hybrid cloud infrastructures do not provide scalable and efficient mechanisms (i) to prevent software tampering and configuration errors and to ensure the trustworthiness and integrity of the software stack executing a hybrid application workload, or (ii) to enforce governmental privacy and audit regulations by ensuring that remote data and computation do not cross specified geographic boundaries. We discuss recent research on integrating intrusion detection systems into IaaS infrastructures, as well as hardware-rooted integrity verification and geographic fencing, to address the concerns outlined above.
Keywords: Virtual Machine, Software Architecture, Intrusion Detection System, Cloud Provider, Cloud Service Provider
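The two mechanisms the abstract names, hardware-rooted integrity verification of a host's software stack and geographic fencing of where a workload may be placed, can be combined into a single verifier-side placement check. The following is an added example and is not code from the chapter or from any project it cites. It assumes a hypothetical host report consisting of an IMA-style measurement log (entries of PCR index and SHA-256 digest), the PCR value the host's TPM quoted, and the host's region label; verification of the TPM quote signature is assumed to have been done before this check and is not shown. The "golden" PCR value is derived by replaying the tenant's known-good measurement log, and all measured content is constructed sample data.

```python
"""Added example (not from the chapter): a verifier that replays a TPM/IMA-style
measurement log, compares it against the TPM-quoted PCR and a golden value, and
enforces a geographic fence before a host is eligible to run a workload.

Hypothetical assumptions: the host report format below, SHA-256 PCR bank,
PCR 10 for file measurements (the IMA convention), quote signature already verified.
"""
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank, so a PCR starts as 32 zero bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend operation: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(log, pcr_index: int = 10) -> bytes:
    """Replay every log entry for one PCR, in order, to the final PCR value."""
    pcr = bytes(PCR_SIZE)
    for entry in log:
        if entry["pcr"] == pcr_index:
            pcr = extend(pcr, bytes.fromhex(entry["digest"]))
    return pcr


def measure(content: bytes) -> str:
    """File measurement as the log would record it (SHA-256 hex of content)."""
    return hashlib.sha256(content).hexdigest()


# Constructed known-good stack: what the tenant's approved image measures to.
KNOWN_GOOD_LOG = [
    {"pcr": 10, "path": "/boot/vmlinuz", "digest": measure(b"kernel v1 (constructed)")},
    {"pcr": 10, "path": "/usr/bin/nova-compute", "digest": measure(b"nova-compute (constructed)")},
    {"pcr": 10, "path": "/etc/nova/nova.conf", "digest": measure(b"approved config (constructed)")},
]

POLICY = {
    "allowed_regions": {"eu-west", "eu-central"},  # workload data must stay in the EU
    "golden_pcr10": replay_log(KNOWN_GOOD_LOG).hex(),
}


def verify_host(host: dict, policy: dict = POLICY):
    """Return (eligible, reasons). A host is eligible only if it is inside the
    geographic fence, its log is consistent with the TPM quote, and the
    replayed PCR equals the golden value for the approved software stack."""
    reasons = []
    if host["region"] not in policy["allowed_regions"]:
        reasons.append(f"region {host['region']} is outside the geographic fence")
    replayed = replay_log(host["measurement_log"]).hex()
    if replayed != host["quoted_pcr10"]:
        # The log is not rooted in the hardware; only the quote is trusted.
        reasons.append("measurement log does not match the TPM-quoted PCR10")
    if replayed != policy["golden_pcr10"]:
        reasons.append("PCR10 differs from golden value: unapproved software or config")
    return (not reasons, reasons)


def tampered_log():
    """Known-good log with the config measurement replaced (constructed edit)."""
    log = [dict(e) for e in KNOWN_GOOD_LOG]
    log[2]["digest"] = measure(b"config edited by hand (constructed)")
    return log


def sample_hosts():
    """Constructed host reports covering the pass case and each failure mode."""
    good = POLICY["golden_pcr10"]
    edited = replay_log(tampered_log()).hex()
    return {
        # approved stack, inside the fence
        "trusted-eu": {"region": "eu-west", "measurement_log": KNOWN_GOOD_LOG, "quoted_pcr10": good},
        # approved stack, but placed outside the permitted regions
        "wrong-region": {"region": "us-east", "measurement_log": KNOWN_GOOD_LOG, "quoted_pcr10": good},
        # log presented as known-good, yet the TPM quote reflects the real (edited) state
        "hidden-edit": {"region": "eu-central", "measurement_log": KNOWN_GOOD_LOG, "quoted_pcr10": edited},
        # log and quote agree, but the config is not the approved one
        "honest-edit": {"region": "eu-central", "measurement_log": tampered_log(), "quoted_pcr10": edited},
    }


if __name__ == "__main__":
    for name, host in sample_hosts().items():
        ok, why = verify_host(host)
        print(f"{name}: {'eligible' if ok else 'rejected'} {why}")
```

The order of the checks matters for interpretation: a mismatch between the replayed log and the quoted PCR means the log itself cannot be trusted, so the golden-value comparison that follows is reported against the replayed value only as supporting detail; the quote, rooted in the TPM, is what the scheduler should act on.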