ABSTRACT
Security concerns for emerging cloud computing models have become the focus of much research, but little of this targets the underlying infrastructure. Trusted Cloud proposals generally assert that the Trusted Computing Base (TCB) of the cloud should be clearly defined and attested to. However, specific characteristics of trust in the cloud make such solutions difficult to implement in an effective and practical way. We present RepCloud, a reputation system for managing decentralised attestation metrics in the cloud. We observe that, being deterministic and tamper-proof, trust evidence generated by the TCG framework can be efficiently transmitted within the cloud. In a web of nodes with high connectivity and mutual-attestation frequency, corrupted nodes can be identified effectively. By modelling this web with RepCloud, we achieved a fine-grained cloud TCB attestation scheme with high confidence for trust. Cloud users can determine the security properties of the exact nodes that may affect the genuine functionality of their applications, without obtaining much internal information about the cloud. Experiments showed that, besides achieving fine-grained attestation, RepCloud still incurred lower trust management overhead than existing trusted cloud proposals.
Index Terms
- RepCloud: achieving fine-grained cloud TCB attestation with reputation systems