Cloud virtual machine lifecycle security framework based on trusted computing

Jin, Xin; Wang, Qixu; Li, Xiang; Chen, Xingshu; Wang, Wei

doi:10.26599/tst.2018.9010129

Cited by 14 publications

(8 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2019, Jin et al [12] put out a unique trusted computing based VM lifecycle safeguard protection system to address the security risks to VMs at every stage of their existence. The multiple active situations of the VM are used to break up a technique associated with the VM lifetime.…”

Section: Related Workmentioning

confidence: 99%

Performance enhancement of cloud security with migration algorithm for choosing virtual machines in cloud computing

Manivannan,

Senthilkumar,

Kalaivani

et al. 2024

Eng. Res. Express

View full text Add to dashboard Cite

The management of the hardware as well as software resources entrusted to third-party service suppliers has shown to be extraordinarily remarkable and accessible with CC, a potential computing technology for the future. Yet, a major undertaking is characterized by security as well as the use of VMs to perform a request. The main issue with using technology is security worries, which raises the need for a strong security system to safeguard data on the cloud. Thus, to address this problem, a method called WMRBFN-AES is developed to improve cloud security along with the time of execution. Random keys are produced utilizing the PRNG technique, and the best keys are created employing the WMRBFN technique. In the WMRBFN technique, randomly generated keys are used as input, and the hidden layers yield an estimate associated with the secret key of the input. The output layer generates the most precise secret keys to encrypt the data. Encryption is carried out using the AES algorithm. The files about the encrypted data are kept in a cloud storage system. Reduced execution times for stakeholder demands (tasks) as well as optimal cloud resource utilization result from the selection of VMs, which significantly improves reliability. The MA is used in the cloud framework to optimize the selection of VMs to improve resource utilization and performance. The experimental findings of the suggested framework and the current framework were compared, and it was found that the new model performed better in terms of cost, resource utilization, service latency, throughput, and execution time.

show abstract

Section: Related Workmentioning

confidence: 99%

Performance enhancement of cloud security with migration algorithm for choosing virtual machines in cloud computing

Manivannan,

Senthilkumar,

Kalaivani

et al. 2024

Eng. Res. Express

View full text Add to dashboard Cite

show abstract

“…The remote attestation technique, first proposed by TCG, has become the primary method for assessing the trustworthy state of a target system. In most of the existing disclosed schemes [19,28], the baseline value data is stored in the cloud management center. Moreover, it is assumed that the cloud hypervisor is absolutely trustworthy.…”

Section: The Remote Attestationmentioning

confidence: 99%

PIMS: An Efficient Process Integrity Monitoring System Based on Blockchain and Trusted Computing in Cloud-Native Context

Yang¹,

Huang²,

Liu³

et al. 2023

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

With the advantages of lightweight and high resource utilization, cloud-native technology with containers as the core is gradually becoming the mainstream technical architecture for information infrastructure. However, malware attacks such as Doki and Symbiote threaten the container runtime's security. Malware initiates various types of runtime anomalies based on process form (e.g., modifying the process of a container, and opening the external ports). Fortunately, dynamic monitoring mechanisms have proven to be a feasible solution for verifying the trusted state of containers at runtime. Nevertheless, the current routine dynamic monitoring mechanisms for baseline data protection are still based on strong security assumptions. As a result, the existing dynamic monitoring mechanism is still not practical enough. To ensure the trustworthiness of the baseline value data and, simultaneously, to achieve the integrity verification of the monitored process, we combine blockchain and trusted computing to propose a process integrity monitoring system named IPMS. Firstly, the hardware TPM 2.0 module is applied to construct a trusted security foundation for the integrity of the process code segment due to its tamper-proof feature. Then, design a new format for storing measurement logs, easily distinguishing files with the same name in different containers from log information. Meanwhile, the baseline value data is stored on the blockchain to avoid malicious damage. Finally, trusted computing technology is used to perform fine-grained integrity measurement and remote attestation of processes in a container, detect abnormal containers in time and control them. We have implemented a prototype system and performed extensive simulation experiments to test and analyze the functionality and performance of the PIMS. Experimental results show that PIMS can accurately and efficiently detect tampered processes with only 3.57% performance loss to the container.

show abstract

“…However, ascertaining threat progression in the Cloud requires modeling the functionality of the Cloud that captures interactions among services. Thus, we define an abstract model for the Cloud emphasizing the interactions of services during the life cycle of a VM [7]. The Cloud model shown in Figure 2 Block I: Functional Cloud Model…”

Section: Functional Cloud Modelmentioning

confidence: 99%

Poster

Manzoor

Gouglidis

Bradbury

et al. 2022

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

A variety of Threat Analysis (TA) techniques exist that typically target exploring threats to discrete assets (e.g., services, data, etc.) and reveal potential attacks pertinent to these assets. Furthermore, these techniques assume that the interconnection among the assets is static. However, in the Cloud, resources can instantiate or migrate across physical hosts at run-time, thus making the Cloud a dynamic environment. Additionally, the number of attacks targeting multiple assets/layers emphasizes the need for threat analysis approaches developed for Cloud environments. Therefore, this proposal presents a novel threat analysis approach that specifically addresses multi-layer attacks. The proposed approach facilitates threat analysis by developing a technology-agnostic information flow model. It contributes to exploring a threat's propagation across the operational stack of the Cloud and, consequently, holistically assessing the security of the Cloud.

show abstract

Cloud virtual machine lifecycle security framework based on trusted computing

Cited by 14 publications

References 21 publications

Performance enhancement of cloud security with migration algorithm for choosing virtual machines in cloud computing

Performance enhancement of cloud security with migration algorithm for choosing virtual machines in cloud computing

PIMS: An Efficient Process Integrity Monitoring System Based on Blockchain and Trusted Computing in Cloud-Native Context

Poster

Contact Info

Product

Resources

About