Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications

Andrew Brown, J. Chase
Venue: Cloud Computing Security Workshop. Published: 2011-10-21. DOI: 10.1145/2046660.2046665 (https://doi.org/10.1145/2046660.2046665)
Citations: 37

Abstract

The applications we use are increasingly packaged as network services running in the cloud under the control of a service provider. Users of these services have no basis to determine if these services are trustworthy, beyond the assurances of the service provider. Our work addresses the problem of how to build support for trustworthy services in the cloud, within the context of a larger trust management framework. This paper shows how users can gain insights and trust into service applications by leveraging trust in a neutral third party: a cloud provider that hosts application services on an infrastructure and platform that it controls. A trusted cloud provider may act as a root of trust to attest cloud-hosted services to their clients: a trusted platform cloud. We have prototyped this approach in a trusted platform-as-a-service cloud provider supporting a Python/Django web framework. The cloud provider seals instances of service applications and attests their Python source code to external users. Once launched and attested, service instances run with an independent identity and are isolated from tampering by the cloud customer, except through well-defined operator interfaces that are part of the service definition.