Advertisement

Lightweight Distributed Heterogeneous Attested Android Clouds

  • Martin Pirker
  • Johannes Winter
  • Ronald Toegl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7344)

Abstract

Moving local services into a network of Cloud nodes raises security concerns as this affects control over data and code execution. The Trusted Platform Module can help detect Cloud nodes running unknown software configurations. To achieve this, we propose a node join protocol that enforces remote attestation. We prototype our approach on both current x86 systems with Intel Trusted Execution Technology and on ARM hardware platforms. We use Android as common system software, and show that it is well suited to build a chain-of-trust.

Keywords

Cloud Computing Cloud Provider Trusted Platform Module Trust Computing IaaS Cloud 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Android x86 Team: Android-x86 - porting android to x86 (2011), http://www.android-x86.org/
  2. 2.
    ARM Ltd.: TrustZone Technology Overview (2011), http://www.arm.com/products/esd/trustzone_home.html
  3. 3.
    Azab, A.M., Ning, P., Zhang, X.: Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 375–388. ACM, New York (2011), http://doi.acm.org/10.1145/2046707.2046752 Google Scholar
  4. 4.
    Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: Tvdc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42, 40–47 (2008), http://doi.acm.org/10.1145/1341312.1341321
  5. 5.
    Brown, A., Chase, J.S.: Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 15–20. ACM, New York (2011), http://doi.acm.org/10.1145/2046660.2046665 CrossRefGoogle Scholar
  6. 6.
    Cooper, A., Martin, A.: Towards a secure, tamper-proof grid platform. In: Sixth IEEE International Symposium on Cluster Computing and the Grid, CCGRID 2006, vol. 1, p. 8 (2006), doi:10.1109/CCGRID.2006.103Google Scholar
  7. 7.
    Daniele Catteddu, G.H.: Cloud Computing benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, ENISA (2009)Google Scholar
  8. 8.
    Danner, P., Hein, D.: A trusted computing identity collation protocol to simplify deployment of new disaster response devices. Journal of Universal Computer Science 16(9), 1139–1151 (2010)Google Scholar
  9. 9.
    Denk, W., et al.: Das u-boot – the universal boot loader (2010), http://www.denx.de/wiki/U-Boot
  10. 10.
    Dietrich, K., Pirker, M., Vejda, T., Toegl, R., Winkler, T., Lipp, P.: A Practical Approach for Establishing Trust Relationships between Remote Platforms Using Trusted Computing. In: Barthe, G., Fournet, C. (eds.) TGC 2007. LNCS, vol. 4912, pp. 156–168. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Duflot, L., Perez, Y.A.: Can you still trust your network card. CanSecWest 2010 (2010), http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf
  12. 12.
    Duflot, L., Perez, Y.A.: Run-time firmware integrity verification: what if you can’t trust your network card? CanSecWest 2011 (2011), http://www.ssi.gouv.fr/IMG/pdf/Duflot-Perez_runtime-firmware-integrity-verification.pdf
  13. 13.
    Freescale Semiconductor Inc.: i.mx51 evaluation kit (2010), http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MCIMX51EVKJ
  14. 14.
    Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press (February 2009)Google Scholar
  15. 15.
    Intel Corporation: Tboot - Trusted Boot (2008), http://sourceforge.net/projects/tboot/
  16. 16.
    Krautheim, F.J., Phatak, D.S., Sherman, A.T.: Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 211–227. Springer, Heidelberg (2010), http://dl.acm.org/citation.cfm?id=1875652.1875667 CrossRefGoogle Scholar
  17. 17.
    Löhr, H., Ramasamy, H.V., Sadeghi, A.-R., Schulz, S., Schunter, M., Stüble, C.: Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 372–384. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Mao, W., Martin, A., Jin, H., Zhang, H.: Innovations for grid security from trusted computing (2009), http://dx.doi.org/10.1007/978-3-642-04904-0_18
  19. 19.
    McCune, J.M., Jaeger, T., Berger, S., Caceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 23–32 (2006)Google Scholar
  20. 20.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010)Google Scholar
  21. 21.
    McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Proc. of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems, pp. 315–328. ACM (2008)Google Scholar
  22. 22.
    Pirker, M., Toegl, R.: Trusted computing for the JavaTMplatform (2011), http://trustedjava.sourceforge.net/
  23. 23.
    Pirker, M., Toegl, R., Gissing, M.: Dynamic Enforcement of Platform Integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Pirker, M., Toegl, R., Hein, D., Danner, P.: A PrivacyCA for Anonymity and Trust. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 101–119. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Pirker, M., Winter, J., Toegl, R.: Lightweight distributed attestation for the cloud. In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science, CLOSER (2012)Google Scholar
  26. 26.
    Podesser, S., Toegl, R.: A Software Architecture for Introducing Trust in Java-Based Clouds. In: Park, J.J., Lopez, J., Yeo, S.-S., Shon, T., Taniar, D. (eds.) STA 2011. CCIS, vol. 186, pp. 45–53. Springer, Heidelberg (2011), http://dx.doi.org/10.1007/978-3-642-22339-6_6 CrossRefGoogle Scholar
  27. 27.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing. USENIX Association, Berkeley, CA, USA (2009), http://dl.acm.org/citation.cfm?id=1855533.1855536 Google Scholar
  28. 28.
    Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference, pp. 83–92. IEEE Computer Society Press, Washington, DC (2009)Google Scholar
  29. 29.
    Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding clouds with trust anchors. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW 2010, pp. 43–46. ACM, New York (2010), http://doi.acm.org/10.1145/1866835.1866843 CrossRefGoogle Scholar
  30. 30.
    Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. J. Parallel Distrib. Comput. 66(9), 1189–1204 (2006)zbMATHCrossRefGoogle Scholar
  31. 31.
    Tarnovsky, C.: Hacking the Smartcard Chip. In: Blackhat DC (2010), http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html#Tarnovsky
  32. 32.
    Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Chen, L., Yung, M. (eds.) INTRUST 2010. LNCS, vol. 6802, pp. 326–345. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  33. 33.
    Trusted Computing Group: TCG TPM Specification Version 1.2 (2007), https://www.trustedcomputinggroup.org/developers/
  34. 34.
    Trusted Computing Group: Do You Know? A Few Notes on Trusted Computing Out in the World (2011), http://www.trustedcomputinggroup.org/community/2011/03/do_you_know_a_few_notes_on_trusted_computing_out_in_the_world
  35. 35.
    Vejda, T., Toegl, R., Pirker, M., Winkler, T.: Towards Trust Services for Language-Based Virtual Machines for Grid Computing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 48–59. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  36. 36.
    Wallom, D., Turilli, M., Taylor, G., Hargreaves, N., Martin, A., Raun, A., McMoran, A.: mytrustedcloud: Trusted cloud infrastructure for security-critical computation and data managment. In: Proeedings of Cloudcom (2011) (in print)Google Scholar
  37. 37.
    Winter, J., Dietrich, K.: A Hijacker’s Guide to the LPC Bus. In: EuroPKI 2011 Proceedings (2011) (in print)Google Scholar
  38. 38.
    Wojtczuk, R., Rutkowska, J.: Attacking Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf
  39. 39.
    Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another Way to Circumvent Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Martin Pirker
    • 1
  • Johannes Winter
    • 1
  • Ronald Toegl
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations