Title: Hardware-Assisted Static and Runtime Attestation for Cloud Deployments
Authors: Michał Kucab; Piotr Boryło; Piotr Chołda
DOI: 10.1109/TCC.2023.3327290
Journal: IEEE Transactions on Cloud Computing (journal article; JCR Q1, Computer Science, Information Systems; impact factor 5.3)
Publication date: 2023-10-24
URL: https://ieeexplore.ieee.org/document/10294292/
Open access: no
Citations: 0
Abstract
This article is devoted to the problems of static and runtime integrity for cloud deployments. Existing remote attestation solutions for cloud infrastructure do not cover static and dynamic attestation as a whole: they evaluate either the static or the dynamic part, without considering the other. We address this gap by proposing a runtime attestation process based on hardware CET technology, as an enhancement to the static attestation enabled by SGX. We show how hardware-assisted protection against control-flow-related attacks can enhance virtual deployment security with minimal tradeoff. Our solution does not significantly increase processing time. Moreover, processing time can even be reduced when this mechanism is used as the default protection method against control-flow-related attacks.
Journal description:
The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.