Paper published in a book (Scientific congresses, symposiums and conference proceedings)
CertiCloud: a Novel TPM-based Approach to Ensure Cloud IaaS Security
Bertholon, Benoit; Varrette, Sébastien; Bouvry, Pascal
2011. In 4th IEEE Intl. Conf. on Cloud Computing (CLOUD 2011)
Peer reviewed
 

Files


Full Text
2011_CLOUD_CertCloud.pdf
Publisher postprint (649.92 kB)
Details



Abstract :
The security issues raised by the Cloud paradigm are not always tackled from the user point of view. For instance, considering an Infrastructure-as-a-Service (IaaS) Cloud, it is currently impossible for a user to certify in a reliable and secure way that the environment he deployed (typically a Virtual Machine (VM)) has not been corrupted, whether by malicious acts or not. Yet having this functionality would enhance the confidence in the IaaS provider and therefore attract new customers. This paper fills this need by proposing CERTICLOUD, a novel approach for the protection of IaaS platforms that relies on the concepts developed in the Trusted Computing Group (TCG) together with hardware elements, i.e., Trusted Platform Module (TPM), to offer a secured and reassuring environment. Those aspects are guaranteed by two protocols: TCRR and Verify MyVM. While the first one asserts the integrity of a remote resource and permits the exchange of a private symmetric key, the second authorizes the user to detect trustfully and on demand any tampering attempt on its running VM. These protocols being key components in the proposed framework, we take very seriously their analysis against known cryptanalytic attacks. This is testified by their successful validation by AVISPA and Scyther, two reference tools for the automatic verification of security protocols. The CERTICLOUD proposal is then detailed: relying on the above protocols, this platform provides the secure storage of users' environments and their safe deployment onto a virtualization framework. While the physical resources are checked by TCRR, the user can execute on demand the Verify MyVM protocol to certify the integrity of its deployed environment. Experimental results operated on a first prototype of CERTICLOUD demonstrate the feasibility and the low overhead of the approach, together with its easy implementation on recent commodity machines.
Research center :
ULHPC - University of Luxembourg: High Performance Computing
Disciplines :
Computer science
Identifiers :
UNILU:UL-CONFERENCE-2011-379
Author, co-author :
Bertholon, Benoit ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Varrette, Sébastien ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Bouvry, Pascal ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
CertiCloud: a Novel TPM-based Approach to Ensure Cloud IaaS Security
Publication date :
July 2011
Event name :
4th IEEE Intl. Conf. on Cloud Computing (CLOUD 2011)
Event place :
Washington, United States - District of Columbia
Event date :
July 4–9
Audience :
International
Main work title :
4th IEEE Intl. Conf. on Cloud Computing (CLOUD 2011)
Publisher :
IEEE Computer Society
ISBN/EAN :
978-1-4577-0836-7
Pages :
121 - 130
Peer reviewed :
Peer reviewed
Commentary :
Cloud Computing (CLOUD)
Available on ORBilu :
since 02 December 2013

Statistics


Number of views
307 (5 by Unilu)
Number of downloads
0 (0 by Unilu)

Scopus citations®
43
Scopus citations® without self-citations
42
