Author: Amtul Quddoos
Date of Publication: 12th October 2017
Abstract: One such mechanism is platform integrity verification for compute hosts that support the virtualized cloud infrastructure. Several large cloud vendors have signaled practical implementations of this mechanism, primarily to safeguard the cloud infrastructure from insider threats and advanced persistent threats. We see two major improvement vectors regarding these implementations. First, details of such proprietary solutions are not disclosed and can therefore not be implemented and improved by other cloud platforms. Second, to the best of our knowledge, none of the solutions provides cloud tenants with a proof concerning the integrity of the compute hosts supporting their slice of the cloud infrastructure. To address this, we propose a set of protocols for trusted launch of virtual machines, which provide tenants with a proof that the requested instances were launched on a host with an expected software stack.