Trusted Launch of Virtual Machine Instances in Public IaaS Environments

  • Nicolae Paladi
  • Christian Gehrmann
  • Mudassar Aslam
  • Fredric Morenius
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7839)

Abstract

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.

Keywords

IaaS security trusted computing trusted virtual machine launch OpenStack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Smith, J., Nair, R.: Virtual Machines: Versatile Platforms for Systems and Processes. Morgan Kaufmann (June 2005)Google Scholar
  2. 2.
    Krutz, R.L., Vines, R.D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. John Wiley & Sons (August 2010)Google Scholar
  3. 3.
    Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All Your Clouds are Belong to us: Security Analysis of Cloud Management Interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, CCSW 2011, pp. 3–14. ACM, New York (2011)Google Scholar
  4. 4.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 199–212. ACM, New York (2009)Google Scholar
  5. 5.
    Pohlmann, N., Reimer, H.: Trusted Computing - eine Einführung. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 3–12. Vieweg+Teubner (2008), doi:10.1007/978-3-8348-9452-6_1Google Scholar
  6. 6.
    Neisse, R., Holling, D., Pretschner, A.: Implementing Trust in Cloud Infrastructures. In: 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 524–533 (May 2011)Google Scholar
  7. 7.
    Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-Based TPM Virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Danev, B., Masti, R.J., Karame, G.O., Capkun, S.: Enabling Secure VM-vTPM Migration in Private Clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011, pp. 187–196. ACM, New York (2011)Google Scholar
  9. 9.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards Trusted Cloud Computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, HotCloud 2009. USENIX Association, Berkeley (2009)Google Scholar
  10. 10.
    Aslam, M., Gehrmann, C., Rasmusson, L., Björkman, M.: Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud - An Enterprise’s Perspective. In: Leymann, F., Ivanov, I., van Sinderen, M., Shan, T. (eds.) CLOSER, pp. 511–521. SciTePress (2012)Google Scholar
  11. 11.
    Aslam, M., Gehrmann, C., Björkman, M.: Security and Trust Preserving VM Migrations in Public Clouds. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool (2012)Google Scholar
  12. 12.
    Mell, P., Gance, T.: The nist definition of cloud computing. Technical report, National Institute of Standards and Technology (September 2011)Google Scholar
  13. 13.
    Goyal, P.: Application of a Distributed Security Method to End-2-End Services Security in Independent Heterogeneous Cloud Computing Environments. In: 2011 IEEE World Congress on Services, pp. 379–384 (July 2011)Google Scholar
  14. 14.
    Trusted Computing Group: TCG Specification, Architecture Overview, revision 1.4. Technical report, Trusted Computing Group (2007)Google Scholar
  15. 15.
    Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. 16.
    Price, M.: The Paradox of Security in Virtual Environments. Computer 41(11), 22–28 (2008)CrossRefGoogle Scholar
  17. 17.
    Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Attacking intel trusted execution technology. In: Black Hat USA 2008, Las Vegas, NV, August 7 (2008)Google Scholar
  18. 18.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold-Boot Attacks on Encryption Keys. Commun. ACM 52, 91–98 (2009)CrossRefGoogle Scholar
  19. 19.
    Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding Clouds With Trust Anchors. In: Proceedings of the, ACM Workshop on Cloud Computing Security, CCSW 2010, pp. 43–46. ACM, New York (2010)CrossRefGoogle Scholar
  20. 20.
    Molnar, D., Schechter, S.: Self Hosting vs. Cloud Hosting: Accounting for the Security Impact of Hosting in the Cloud. In: Workshop of the Economics of Cloud Security, pp. 1–18 (2010)Google Scholar
  21. 21.
    Chen, Y., Paxson, V., Katz, R.: The Hybrex Model for Confidentiality and Privacy in Cloud Computing. Technical Report UCB/EECS-2010-5, EECS Department, University of California, Berkeley (January 2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Nicolae Paladi
    • 1
  • Christian Gehrmann
    • 1
  • Mudassar Aslam
    • 1
  • Fredric Morenius
    • 2
  1. 1.Swedish Institute of Computer ScienceStockholmSweden
  2. 2.Ericsson ResearchStockholmSweden

Personalised recommendations