TREASURE: trust enhanced security for cloud environments

Vijay Varadharajan*, Udaya Tupakula

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

6 Citations (Scopus)

Abstract

Today, cloud computing is one of the most popular technologies, and most of the hardware shipped today is equipped with a TPM that can be used to realise trusted platforms. Recently, several TPM attestation techniques, such as binary attestation and property-based attestation, have been proposed, but some fundamental issues need to be addressed before these techniques can be used in practice. In this paper we consider an architecture in which different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). We then consider an attacker model that is specific to the cloud and some of the challenges with current TPM-based attestation techniques. We also propose a novel trust enhanced security model for the cloud which overcomes the challenges with current TPM-based attestation techniques and efficiently deals with attacks in the cloud. In our model, the cloud service provider acts as the Certification Authority (CA) for the tenant virtual machines. The CA certifies only basic security properties: assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine's transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties. Since the tenant virtual machines run on the cloud service provider's infrastructure, the CA is aware of dynamic changes to the tenant virtual machine. The CA can terminate ongoing transactions and/or dynamically isolate the tenant virtual machine if its behaviour deviates from the certified properties. Hence our model can be used to address the challenges with current TPM-based attestation techniques and to efficiently deal with attacks in the cloud. We present an implementation of our model on Xen and show how it deals with the attacks in different attack case scenarios. We also show that our model is beneficial for cloud service providers, tenants and tenant customers.
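The abstract describes the provider-as-CA monitoring loop only in outline. The following toy model, added here as an illustration and not code from the TREASURE paper or its Xen implementation, shows the shape of that loop: the CA certifies two basic properties per tenant VM (the source addresses it may emit and the service ports it is certified for), a monitor compares each observed interaction against them, a deviation terminates the transaction, and repeated deviations isolate the VM. The key security point it makes concrete is that the hypervisor knows which virtual NIC a packet actually left through, so spoofed headers cannot hide the originating VM. The record format, the threshold of three violations before isolation, and the sample trace are all assumptions made for this example.

```python
"""Added illustration of the monitoring loop from the TREASURE abstract.
Not the paper's code; field names, thresholds and the trace are assumptions."""
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"          # interaction matches the certified properties
    TERMINATE = "terminate"  # abort this transaction, the VM keeps running
    ISOLATE = "isolate"      # cut the VM off from the network entirely


@dataclass(frozen=True)
class CertifiedProperties:
    """What the CA vouches for: deliberately minimal, as in the model."""
    vm_id: str
    src_ip: str
    src_mac: str
    service_ports: frozenset


@dataclass(frozen=True)
class Interaction:
    """One packet as the hypervisor sees it (constructed record format).
    vm_id is taken from the virtual NIC the packet left through, so the
    VM cannot lie about it even when the IP/MAC headers are spoofed."""
    vm_id: str
    src_ip: str
    src_mac: str
    dst_port: int


class TrustMonitor:
    def __init__(self, certs, isolate_after=3):
        self.certs = {c.vm_id: c for c in certs}
        self.isolate_after = isolate_after   # assumed policy knob
        self.violations = {vm: 0 for vm in self.certs}
        self.isolated = set()

    def deviations(self, pkt):
        """List the certified properties this interaction violates."""
        cert = self.certs[pkt.vm_id]
        found = []
        if pkt.src_ip != cert.src_ip:
            found.append("source IP %s, certified %s" % (pkt.src_ip, cert.src_ip))
        if pkt.src_mac != cert.src_mac:
            found.append("source MAC %s, certified %s" % (pkt.src_mac, cert.src_mac))
        if pkt.dst_port not in cert.service_ports:
            found.append("port %d outside certified service set" % pkt.dst_port)
        return found

    def check(self, pkt):
        if pkt.vm_id in self.isolated:
            return Action.ISOLATE
        if pkt.vm_id not in self.certs:
            # A VM the CA never certified gets no network access at all.
            self.isolated.add(pkt.vm_id)
            return Action.ISOLATE
        if not self.deviations(pkt):
            return Action.ALLOW
        self.violations[pkt.vm_id] += 1
        if self.violations[pkt.vm_id] >= self.isolate_after:
            self.isolated.add(pkt.vm_id)
            return Action.ISOLATE
        return Action.TERMINATE

    def recertify(self, cert):
        """The provider sees VM reconfiguration directly, so the certified
        properties are updated in place and the VM gets a clean slate."""
        self.certs[cert.vm_id] = cert
        self.violations[cert.vm_id] = 0
        self.isolated.discard(cert.vm_id)


def demo():
    """Constructed trace: one honest VM and one that starts spoofing."""
    web = CertifiedProperties("vm-web", "10.0.0.10", "52:54:00:aa:00:01", frozenset({80, 443}))
    db = CertifiedProperties("vm-db", "10.0.0.20", "52:54:00:aa:00:02", frozenset({5432}))
    mon = TrustMonitor([web, db])
    trace = [
        Interaction("vm-web", "10.0.0.10", "52:54:00:aa:00:01", 443),   # honest
        Interaction("vm-db", "10.0.0.20", "52:54:00:aa:00:02", 5432),   # honest
        Interaction("vm-web", "10.0.0.20", "52:54:00:aa:00:01", 5432),  # spoofs the DB's IP
        Interaction("vm-web", "10.0.0.20", "52:54:00:aa:00:02", 5432),  # spoofs IP and MAC
        Interaction("vm-web", "10.0.0.10", "52:54:00:aa:00:01", 22),    # uncertified port
        Interaction("vm-web", "10.0.0.10", "52:54:00:aa:00:01", 443),   # VM is now isolated
        Interaction("vm-db", "10.0.0.20", "52:54:00:aa:00:02", 5432),   # DB VM unaffected
    ]
    return [mon.check(p) for p in trace]


if __name__ == "__main__":
    for action in demo():
        print(action.value)
```

Note that the monitor never consults the packet's own claims to decide which VM is being judged: the decision is keyed on the hypervisor-supplied `vm_id`, which is exactly the vantage point the abstract attributes to the provider-as-CA and which a remote attestation verifier does not have.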

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), the 11th IEEE International Conference on Ubiquitous Computing and Communications (IUCC 2012): 25-27 June 2012, Liverpool, UK
Editors: Geyong Min, Yulei Wu, Lei (Chris) Liu, Xiaolong Jin, Stephen Jarvis, Ahmed Y. Al-Dubai
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 145-152
Number of pages: 8
ISBN (Print): 9780769547459
DOIs
Publication status: Published - 2012
Event: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom
Duration: 25 Jun 2012 - 27 Jun 2012

Other

Other: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Country/Territory: United Kingdom
City: Liverpool
Period: 25/06/12 - 27/06/12
