Trusted Launch of Virtual Machine Instances in Public IaaS Environments

Paladi, Nicolae; Gehrmann, Christian; Aslam, Mudassar; Morenius, Fredric

doi:10.1007/978-3-642-37682-5_22

Cited by 15 publications

(21 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Earlier work in [19], [20] described interoperable solutions towards trusted VM launch and storage protection in IaaS. We extend them to create an integrated framework that builds a trust chain from the domain manager to the VM instances and data in their administrative domain, and provide additional details, proofs and performance evaluation.…”

Section: Secure Storagementioning

confidence: 99%

See 1 more Smart Citation

Providing User Security Guarantees in Public Infrastructure Clouds

Paladi¹,

Gehrmann²,

Michalas³

2017

IEEE Trans. Cloud Comput.

Self Cite

View full text Add to dashboard Cite

obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.The WestminsterResearch online digital archive at the University of Westminster aims to make the research output of the University available to a wider audience. Copyright and Moral Rights remain with the authors and/or copyright owners.Whilst further distribution of specific materials from within this archive is forbidden, you may freely distribute the URL of WestminsterResearch: ((http://westminsterresearch.wmin.ac.uk/).In case of abuse or copyright appearing without permission e-mail repository@westminster.ac.uk Abstract-The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants -insulated from the minutiae of hardware maintenance -rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

show abstract

Section: Secure Storagementioning

confidence: 99%

“…, CH n }. We denote a VM instance vm The Security Profile (SP ) , defined in [19], is a function of the verified and measured deployment of a trusted computing base -a collection of software components measurable during a platform boot. Measurements are maintained in protected storage, usually located on the same platform.…”

Section: System Modelmentioning

confidence: 99%

Providing User Security Guarantees in Public Infrastructure Clouds

Paladi¹,

Gehrmann²,

Michalas³

2017

IEEE Trans. Cloud Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…During regular operation, VM instances may benefit from additional security services. One example is launch on verified platforms [15], to ensure that the VM instance runs on a host which has not been compromised. Another such example is providing instances with high quality pool of entropy, which is needed for cryptographic operations performed on the VM image to confidentiality and integrity protect the e-health data processed by the instance.…”

Section: B the Way Forwardmentioning

confidence: 99%

Security aspects of e-Health systems migration to the cloud

Michalas

Paladi

Gehrmann

2014

2014 IEEE 16th International Conference on E-Health Networking, Applications and Services (Healthcom)

Self Cite

View full text Add to dashboard Cite

Abstract-As adoption of e-health solutions advances, new computing paradigms -such as cloud computing -bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud.

show abstract

“…The remote attestation involves obtaining a quote of the compute host's T P M platform configuration registers to evaluate whether the platform can be trusted. We leave out the minutiae of remote attestation and evaluation of platform trust level and refer the reader to [16].…”

Section: Domain Accessmentioning

confidence: 99%

“…After generating the symmetric key for Dom i k , T T P seals it to the trusted configuration of the compute host (similar to the key sealing procedures already described in [10,16]) and returns to SC the response shown in Figure 5.…”

Section: Domain Accessmentioning

confidence: 99%

Domain based storage protection with secure access control for the cloud

Paladi

Michalas

Gehrmann

2014

Proceedings of the 2nd International Workshop on Security in Cloud Computing

Self Cite

View full text Add to dashboard Cite

Cloud computing has evolved from a promising concept to one of the fastest growing segments of the IT industry. However, many businesses and individuals continue to view cloud computing as a technology that risks exposing their data to unauthorized users. We introduce a data confidentiality and integrity protection mechanism for Infrastructure-asa-Service (IaaS) clouds, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We also address the absence of reliable data sharing mechanisms, by providing an XML-based language framework which enables clients of IaaS clouds to securely share data and clearly define access rights granted to peers. The proposed improvements have been prototyped as a code extension for a popular cloud platform.

show abstract

Trusted Launch of Virtual Machine Instances in Public IaaS Environments

Cited by 15 publications

References 12 publications

Providing User Security Guarantees in Public Infrastructure Clouds

Providing User Security Guarantees in Public Infrastructure Clouds

Security aspects of e-Health systems migration to the cloud

Domain based storage protection with secure access control for the cloud

Contact Info

Product

Resources

About