Cloud Verifier: Verifiable Auditing Service for IaaS Clouds

Schiffman, Joshua; Sun, Yuqiong; Vijayakumar, Hayawardh; Jaeger, Trent

doi:10.1109/services.2013.37

Cited by 30 publications

(16 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It provides us with proofs of knowledge that show elaborate statements on topology security properties, while keeping the topology itself confidential. Our work complements existing results in the tenant-verifiable integrity of infrastructures with host-based monitoring [34] and the attestation of physical hosts and virtual machines [8]: Graph signatures offer the confidential attestation of the system structure and enable a provider to convince a verifier that the system is structured securely, while keeping the blueprint of the system secret.…”

Section: Introductionmentioning

confidence: 58%

“…TPM-protected host-based monitoring of virtualized infrastructures offers an alternative to structural security assurance. Cloud Verifier [34], for example, allows a remote tenant to specify integrity criteria for which Cloud Verifier will monitor a node server. This approach employs an integrity verification proxy as well as TPM support for attestation.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Groß

2014

Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security

View full text Add to dashboard Cite

Digital signature schemes are a foundational cryptographic building block in certification and the projection of trust. Based on a signature scheme on committed graphs, we propose a framework of certification and proof methods to sign topology graphs and to prove properties of their certificates in zero-knowledge. This framework allows an issuer, such as an auditing system, to sign the topology representation of an infrastructure. The prover, such as an infrastructure provider, can then convince a verifier of topology properties including connectivity and isolation without disclosing the blueprint of the topology itself. By that, we can certify the structure of critical systems while still maintaining confidentiality. We offer zero-knowledge proofs of knowledge for a general specification language of security goals for virtualized infrastructures such that high-level security goals can be proven over topology certificates. We offer an efficient and practical construction, built upon the Camenisch-Lysyanskaya signature scheme [11], honest-verifier proofs and the strong RSA assumption.

show abstract

Section: Introductionmentioning

confidence: 58%

Section: Related Workmentioning

confidence: 99%

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Groß

2014

Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security

View full text Add to dashboard Cite

show abstract

“…Auditing-as-a-service [85,89,90,114] requires a trusted third party to maintain an audit logs for detecting integrity violations. LibSEAL does not require a trusted third party, but can instead rely on the TEE for privacy and integrity.…”

Section: Related Workmentioning

confidence: 99%

LibSEAL

Aublin

Kelbert

O'Keeffe

et al. 2018

Proceedings of the Thirteenth EuroSys Conference

View full text Add to dashboard Cite

Users of online services such as messaging, code hosting and collaborative document editing expect the services to uphold the integrity of their data. Despite providers' best efforts, data corruption still occurs, but at present service integrity violations are excluded from SLAs. For providers to include such violations as part of SLAs, the competing requirements of clients and providers must be satisfied. Clients need the ability to independently identify and prove service integrity violations to claim compensation. At the same time, providers must be able to refute spurious claims.We describe LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity. LibSEAL is a drop-in replacement for TLS libraries used by services, and thus observes and logs all service requests and responses. It runs inside a trusted execution environment, such as Intel SGX, to protect the integrity of the audit log. Logs are stored using an embedded relational database, permitting service invariant violations to be discovered using simple SQL queries. We evaluate LibSEAL with three popular online services (Git, ownCloud and Dropbox) and demonstrate that it is effective in discovering integrity violations, while reducing throughput by at most 14%.

show abstract

“…The different goals and motivations of vQuery and Cloud Radar (performance versus security) are reflected in the model and configuration translation, where vQuery models many performance metrics and Cloud Radar focuses on capturing the topology and its security. Schiffman et al [13] proposed a monitoring system called Cloud Verifier that allows to monitor hosts and virtual machines with regard to integrity requirements, e.g., based on trusted computing mechanisms.…”

Section: Related Workmentioning

confidence: 99%

“…Existing research in this space is mostly focused on dynamic infrastructure analysis of non-security properties [14], node integrity monitoring [13] or establishing security analyses of static systems given by a configuration snapshot [2]. While the latter results give us confidence about reasoning on security consequences of infrastructure cloud topology and configurations, they suffer from blind spots due to transient security failures as well as from efficiency problems.…”

Section: Introductionmentioning

confidence: 99%

Cloud radar

Bleikertz

Vogel

Groß

2014

Proceedings of the 30th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Cloud infrastructures are designed to share physical resources among many different tenants while ensuring overall security and tenant isolation. The complexity of dynamically changing and growing cloud environments, as well as insider attacks, can lead to misconfigurations that ultimately result in security failures. The detection of these misconfigurations and subsequent failures is a crucial challenge for cloud providers-an insurmountable challenge without tools.We establish an automated security analysis of dynamic virtualized infrastructures that detects misconfigurations and security failures in near real-time. The key is a systematic, differential approach that detects changes in the infrastructure and uses those changes to update its analysis, rather than performing one from scratch. Our system, called Cloud Radar, monitors virtualized infrastructures for changes, updates a graph model representation of the infrastructure, and also maintains a dynamic information flow graph to determine isolation properties. Whereas existing research in this area performs analyses on static snapshots of such infrastructures, our change-based approach yields significant performance improvements as demonstrated with our prototype for VMware environments.

show abstract

Cloud Verifier: Verifiable Auditing Service for IaaS Clouds

Cited by 30 publications

References 16 publications

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

Efficient Certification and Zero-Knowledge Proofs of Knowledge on Infrastructure Topology Graphs

LibSEAL

Cloud radar

Contact Info

Product

Resources

About