可扩展认证:迈向安全和可信云的一步

2015 IEEE International Conference on Cloud Engineering Pub Date : 2015-03-09 DOI:10.1109/MCC.2015.97

Stefan Berger, Kenneth A. Goldman, D. Pendarakis, D. Safford, Enriquillo Valdez, Mimi Zohar

{"title":"可扩展认证:迈向安全和可信云的一步","authors":"Stefan Berger, Kenneth A. Goldman, D. Pendarakis, D. Safford, Enriquillo Valdez, Mimi Zohar","doi":"10.1109/MCC.2015.97","DOIUrl":null,"url":null,"abstract":"In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guest's operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, we gain a simple hardware based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud test beds based on the QEMU/KVM hypervisor, Open Stack, and Open Attestation, and is shown to provide significant additional integrity protection at negligible cost.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":"{\"title\":\"Scalable Attestation: A Step Toward Secure and Trusted Clouds\",\"authors\":\"Stefan Berger, Kenneth A. Goldman, D. Pendarakis, D. Safford, Enriquillo Valdez, Mimi Zohar\",\"doi\":\"10.1109/MCC.2015.97\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guest's operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, we gain a simple hardware based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud test beds based on the QEMU/KVM hypervisor, Open Stack, and Open Attestation, and is shown to provide significant additional integrity protection at negligible cost.\",\"PeriodicalId\":395715,\"journal\":{\"name\":\"2015 IEEE International Conference on Cloud Engineering\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"38\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE International Conference on Cloud Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MCC.2015.97\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Cloud Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MCC.2015.97","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

摘要

在这项工作中，我们提出了可扩展的认证，这是一种结合了安全引导和可信引导技术的方法，并将它们扩展到主机、其程序以及客户的操作系统和工作负载中，以检测和防止完整性攻击。这种完整性评估和认证固定在硬件中，可以保护持久数据(文件)免受远程攻击，即使攻击是由root特权发起的。作为基于硬件的认证的一个额外好处，我们获得了一个简单的基于硬件的地理位置认证，以帮助执行法规要求。该设计在基于QEMU/KVM管理程序、Open Stack和Open Attestation的多个云测试平台中实现，并以可忽略不计的成本提供重要的额外完整性保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Scalable Attestation: A Step Toward Secure and Trusted Clouds

In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guest's operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, we gain a simple hardware based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud test beds based on the QEMU/KVM hypervisor, Open Stack, and Open Attestation, and is shown to provide significant additional integrity protection at negligible cost.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE International Conference on Cloud Engineering

自引率

0.00%

发文量

期刊最新文献

In-memory computing for scalable data analytics Automating Cloud Service Level Agreements Using Semantic Technologies A Case Study of IaaS and SaaS in a Public Cloud Architecture for High Confidence Cloud Security Monitoring Towards a Practical and Efficient Search over Encrypted Data in the Cloud