Lightweight Distributed Heterogeneous Attested Android Clouds

  • Martin Pirker
  • Johannes Winter
  • Ronald Toegl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7344)


Moving local services into a network of Cloud nodes raises security concerns as this affects control over data and code execution. The Trusted Platform Module can help detect Cloud nodes running unknown software configurations. To achieve this, we propose a node join protocol that enforces remote attestation. We prototype our approach on both current x86 systems with Intel Trusted Execution Technology and on ARM hardware platforms. We use Android as common system software, and show that it is well suited to build a chain-of-trust.


Cloud Computing Cloud Provider Trusted Platform Module Trust Computing IaaS Cloud 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Android x86 Team: Android-x86 - porting android to x86 (2011),
  2. 2.
    ARM Ltd.: TrustZone Technology Overview (2011),
  3. 3.
    Azab, A.M., Ning, P., Zhang, X.: Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 375–388. ACM, New York (2011), Google Scholar
  4. 4.
    Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: Tvdc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42, 40–47 (2008),
  5. 5.
    Brown, A., Chase, J.S.: Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 15–20. ACM, New York (2011), CrossRefGoogle Scholar
  6. 6.
    Cooper, A., Martin, A.: Towards a secure, tamper-proof grid platform. In: Sixth IEEE International Symposium on Cluster Computing and the Grid, CCGRID 2006, vol. 1, p. 8 (2006), doi:10.1109/CCGRID.2006.103Google Scholar
  7. 7.
    Daniele Catteddu, G.H.: Cloud Computing benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, ENISA (2009)Google Scholar
  8. 8.
    Danner, P., Hein, D.: A trusted computing identity collation protocol to simplify deployment of new disaster response devices. Journal of Universal Computer Science 16(9), 1139–1151 (2010)Google Scholar
  9. 9.
    Denk, W., et al.: Das u-boot – the universal boot loader (2010),
  10. 10.
    Dietrich, K., Pirker, M., Vejda, T., Toegl, R., Winkler, T., Lipp, P.: A Practical Approach for Establishing Trust Relationships between Remote Platforms Using Trusted Computing. In: Barthe, G., Fournet, C. (eds.) TGC 2007. LNCS, vol. 4912, pp. 156–168. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Duflot, L., Perez, Y.A.: Can you still trust your network card. CanSecWest 2010 (2010),
  12. 12.
    Duflot, L., Perez, Y.A.: Run-time firmware integrity verification: what if you can’t trust your network card? CanSecWest 2011 (2011),
  13. 13.
    Freescale Semiconductor Inc.: i.mx51 evaluation kit (2010),
  14. 14.
    Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press (February 2009)Google Scholar
  15. 15.
    Intel Corporation: Tboot - Trusted Boot (2008),
  16. 16.
    Krautheim, F.J., Phatak, D.S., Sherman, A.T.: Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 211–227. Springer, Heidelberg (2010), CrossRefGoogle Scholar
  17. 17.
    Löhr, H., Ramasamy, H.V., Sadeghi, A.-R., Schulz, S., Schunter, M., Stüble, C.: Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 372–384. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Mao, W., Martin, A., Jin, H., Zhang, H.: Innovations for grid security from trusted computing (2009),
  19. 19.
    McCune, J.M., Jaeger, T., Berger, S., Caceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 23–32 (2006)Google Scholar
  20. 20.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010)Google Scholar
  21. 21.
    McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Proc. of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems, pp. 315–328. ACM (2008)Google Scholar
  22. 22.
    Pirker, M., Toegl, R.: Trusted computing for the JavaTMplatform (2011),
  23. 23.
    Pirker, M., Toegl, R., Gissing, M.: Dynamic Enforcement of Platform Integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Pirker, M., Toegl, R., Hein, D., Danner, P.: A PrivacyCA for Anonymity and Trust. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 101–119. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Pirker, M., Winter, J., Toegl, R.: Lightweight distributed attestation for the cloud. In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science, CLOSER (2012)Google Scholar
  26. 26.
    Podesser, S., Toegl, R.: A Software Architecture for Introducing Trust in Java-Based Clouds. In: Park, J.J., Lopez, J., Yeo, S.-S., Shon, T., Taniar, D. (eds.) STA 2011. CCIS, vol. 186, pp. 45–53. Springer, Heidelberg (2011), CrossRefGoogle Scholar
  27. 27.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing. USENIX Association, Berkeley, CA, USA (2009), Google Scholar
  28. 28.
    Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference, pp. 83–92. IEEE Computer Society Press, Washington, DC (2009)Google Scholar
  29. 29.
    Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding clouds with trust anchors. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW 2010, pp. 43–46. ACM, New York (2010), CrossRefGoogle Scholar
  30. 30.
    Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. J. Parallel Distrib. Comput. 66(9), 1189–1204 (2006)zbMATHCrossRefGoogle Scholar
  31. 31.
    Tarnovsky, C.: Hacking the Smartcard Chip. In: Blackhat DC (2010),
  32. 32.
    Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Chen, L., Yung, M. (eds.) INTRUST 2010. LNCS, vol. 6802, pp. 326–345. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  33. 33.
    Trusted Computing Group: TCG TPM Specification Version 1.2 (2007),
  34. 34.
    Trusted Computing Group: Do You Know? A Few Notes on Trusted Computing Out in the World (2011),
  35. 35.
    Vejda, T., Toegl, R., Pirker, M., Winkler, T.: Towards Trust Services for Language-Based Virtual Machines for Grid Computing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 48–59. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  36. 36.
    Wallom, D., Turilli, M., Taylor, G., Hargreaves, N., Martin, A., Raun, A., McMoran, A.: mytrustedcloud: Trusted cloud infrastructure for security-critical computation and data managment. In: Proeedings of Cloudcom (2011) (in print)Google Scholar
  37. 37.
    Winter, J., Dietrich, K.: A Hijacker’s Guide to the LPC Bus. In: EuroPKI 2011 Proceedings (2011) (in print)Google Scholar
  38. 38.
    Wojtczuk, R., Rutkowska, J.: Attacking Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009),
  39. 39.
    Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another Way to Circumvent Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Martin Pirker
    • 1
  • Johannes Winter
    • 1
  • Ronald Toegl
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations