Joshua Schiffman, Thomas Moyer, H. Vijayakumar, T. Jaeger, P. Mcdaniel
{"title":"用信任的锚播种云","authors":"Joshua Schiffman, Thomas Moyer, H. Vijayakumar, T. Jaeger, P. Mcdaniel","doi":"10.1145/1866835.1866843","DOIUrl":null,"url":null,"abstract":"Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"124","resultStr":"{\"title\":\"Seeding clouds with trust anchors\",\"authors\":\"Joshua Schiffman, Thomas Moyer, H. Vijayakumar, T. Jaeger, P. Mcdaniel\",\"doi\":\"10.1145/1866835.1866843\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.\",\"PeriodicalId\":300613,\"journal\":{\"name\":\"Cloud Computing Security Workshop\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"124\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cloud Computing Security Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1866835.1866843\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1866835.1866843","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to protect themselves from attack, ensure isolation of customer processing, or load customer processing correctly. To provide assurance of data processing protection in clouds to customers, we advocate methods to improve cloud transparency using hardware-based attestation mechanisms. We find that the centralized management of cloud data centers is ideal for attestation frameworks, enabling the development of a practical approach for customers to trust in the cloud platform. Specifically, we propose a cloud verifier service that generates integrity proofs for customers to verify the integrity and access control enforcement abilities of the cloud platform that protect the integrity of customer's application VMs in IaaS clouds. While a cloud-wide verifier service could present a significant system bottleneck, we demonstrate that aggregating proofs enables significant overhead reductions. As a result, transparency of data security protection can be verified at cloud-scale.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
