Shift from traditional software models to the Internet has been steadily gaining momentum over the last 10 years. Moving business applications to the shared utility infrastructure of the cloud with its pay-as-you-go and autoscaling features has become significantly more viable for small and medium sized businesses rather then setting up their own software and hardware infrastructure. However before clouds can reach their full potential and be wholeheartedly adopted there is a need to address the concern of privacy advocates who question the weakness of the model from being able to prevent the monitoring at will, lawfully or unlawfully of the user communication and data stored by the cloud hosting provider.Eucalyptus [?] is an open source cloud computing software framework that implements the Cloud Service Model commonly known as Infrastructure as a Service (IaaS). The IaaS model allows users to run and control entire virtual machines on cloud Infrastructure. However one of the main privacy issues in cloud Infrastructure such as Eucalyptus is to ensure the integrity and confidentiality of user data and computation. In this paper we describe the design and deployment of a Trusted Eucalyptus cloud architecture based on remote attestation via Trusted Platform Modules (TPM). Trusted Eucalyptus guarantees users that their virtual machines execute only on cloud nodes, whose integrity is valid. Our experimental results show that Trusted Eucalyptus cloud is practical in terms of performance.
Recent technical advances in utility computing have allowed small and medium sized businesses to move their applications to the cloud, to benefit from features such as auto-scaling and pay-as-you-go facilities. Before clouds are widely adopted, there is a need to address privacy concerns of customer data outsourced to these platforms. In this paper, we present a practical approach for protecting the confidentiality and integrity of client data and computation from insider attacks such as cloud clients as well as from the Infrastructure-as-a-Service (IaaS) based cloud system administrator himself. We demonstrate a scenario of how the origin integrity and authenticity of health-care multimedia content processed on the cloud can be verified using digital watermarking in an isolated environment without revealing the watermark details to the cloud administrator. Finally to verify that our protocol does not compromise confidentiality and integrity of the client data and computation or degrade performance, we have tested a prototype system using two different approaches. Formal verification using ProVerif tool shows that cryptographic operations and protocol communication cannot be compromised using a realistic attacker model. Performance analysis of our implementation demonstrates that it adds negligible overhead.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.