trusted_cloud - Towards Trusted Cloud Computing Nuno Santos...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Towards Trusted Cloud Computing Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues MPI-SWS Abstract Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. How- ever, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation. To address this problem we propose the design of a trusted cloud computing platform (TCCP). TCCP en- ables Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution envi- ronment that guarantees confidential execution of guest virtual machines. Moreover, it allows users to attest to the IaaS provider and determine whether or not the ser- vice is secure before they launch their virtual machines. 1 Introduction Companies can greatly reduce IT costs by offloading data and computation to cloud computing services. Still, many companies are reluctant to do so, mostly due to outstanding security concerns. A recent study [2] sur- veyed more than 500 chief executives and IT managers in 17 countries, and found that despite the potential benefits, executives “trust existing internal systems over cloud-based systems due to fear about security threats and loss of control of data and systems”. One of the most serious concerns is the possibility of confidential- ity violations. Either maliciously or accidentally, cloud provider’s employees can tamper with or leak a com- pany’s data. Such actions can severely damage the repu- tation or finances of a company. In order to prevent confidentiality violations, cloud services’ customers might resort to encryption. While encryption is effective in securing data before it is stored at the provider, it cannot be applied in services where data is to be computed, since the unencrypted data must reside in the memory of the host running the computa- tion. In Infrastructure as a Service (IaaS) cloud services such as Amazon’s EC2, the provider hosts virtual ma- chines (VMs) on behalf of its customers, who can do arbitrary computations. In these systems, anyone with privileged access to the host can read or manipulate a customer’s data. Consequently, customers cannot protect their VMs on their own. Cloud service providers are making a substantial effort to secure their systems, in order to minimize the threat of insider attacks, and reinforce the confidence of cus- tomers. For example, they protect and restrict access to the hardware facilities, adopt stringent accountabil- ity and auditing procedures, and minimize the number of staff who have access to critical components of the infrastructure [8]. Nevertheless, insiders that administer the software systems at the provider backend ultimately still possess the technical means to access customers’ VMs. Thus, there is a clear need for a technical solu- tion that guarantees the confidentiality and integrity of computation, in a way that is verifiable by the customers of the service. Traditional trusted computing platforms like Terra [4]
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/27/2012 for the course CS 600 taught by Professor Smith,r during the Winter '08 term at Alabama.

Page1 / 5

trusted_cloud - Towards Trusted Cloud Computing Nuno Santos...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online