Chunwen Li,Xu Wu,Chuanyi Liu,Xiaqing Xie

DOI: https://doi.org/10.1007/978-3-642-35795-4_25

2013-01-01

Abstract:The hosting service model of cloud computing brings trustworthinessissue of cloud providers, which is a serious obstacle for wider adoption of cloud-based services. Based on open source components of TCG (Trusted Computing Group)and IBM's IMA (Integrity Measurement Architecture), this paper designed and implementeda remote attestation architecture and protocol to verify the trustworthiness of users' virtual machineinIaaS cloud. Meanwhile, as theverification agent, Trusted Third Partyminimized cloud configuration information disclosure, ensured the privacy of cloud.The experiments demonstratedthat this architecture brought little extra cost while provided trustworthiness guarantee. © Springer-Verlag Berlin Heidelberg 2013.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

WU Xu,XU Jin,LI Chun-wen,LIU Chuan-yi

DOI: https://doi.org/10.13190/j.jbupt.2014.05.018

2014-01-01

Abstract:In cloud computing, the data and computation migration gives rise to trust problems between the user and the cloud. Including the hardware platform, the multiple dimensions method was studied, as well as the user identity and behavior. The electronic identity ( eID)-based virtual machine trusted attes-tation system in infrastructure-as-a-service ( IaaS) cloud was designed. The hardware platform was used for trust third party architecture. The citizen's network eID was used as users' unique authoritative identi-ty. The credit records were also applied to evaluate the user' s behaviors. Four steps were adopted to solve the trust problem between two sides, including trusted attestation of the user identification and trus-ted attestation of the virtual machine. Experiment analysis shows that this system can defend common at-tacks, it is more safety, and the time complexity is within acceptable limitations.

Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Huaizhe Zhou,Haihe Ba,Jiangchun Ren,Yong Chen,Yongjun Wang,Zhiying Wang

DOI: https://doi.org/10.1109/ICNISC.2017.00017

2017-01-01

Abstract:While the Infrastructure-as-a-Service (IaaS) cloud computing model has become a compelling computing solution, the security concerns on the data and application integrity in the virtual machines (VMs) have drastically restricted its widespread adoption. Although numerous researches have been dedicated to deal with the aforementioned issues, it still remains a challenge for now. In this paper, we present DRAS, a novel framework for remote attestation on VMs in IaaS cloud. It combines trusted computing with virtual machine introspection to provide flexible measurement for targeted VMs in a stealthy manner, which is more robust to malicious attackers. Moreover, we minimize the impact on platform performance and reduce trusted computing base by separating integrity measurement and attestation service from privileged domain to a dedicated secure VM. We show a concrete implementation of DRAS and a prototype based on Xen hypervisor.

Xiaoguang Wang,Yi Shi,Yuehua Dai,Yong Qi,Jianbao Ren,Yu Xuan

DOI: https://doi.org/10.4304/jcp.9.10.2303-2314

2014-01-01

Journal of Computers

Abstract:The Infrastructure as a Service (IaaS) cloud computing model is widely used in current IT industry, providing the cloud users virtual machines as the executing environment. However, current executing environment the cloud provided is not trustworthy. For a user's executing environment faces threats from malicious cloud users who aim at attacking the underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we first make an analysis of the potential threats to a commodity hypervisor, and then propose architecture to build a more trustworthy executing environment for IaaS cloud. The main ideas of our architecture are: removing interaction between hypervisor and the exposed executing environment, enhancing platform data secrecy as well as providing feature rich environment attestation. To prove the effectiveness of our architecture, we build a prototype system, named TrustOSV, which can host multiple trustworthy isolated computing environments on multi-core x86 hardware. The final evaluation shows that TrustOSV can provide enhanced security guarantees to the exposed VMs at modest cost.

Wang Chunlu,Liu Chuanyi,Wang Xiaoliang,Dong Yingfei

DOI: https://doi.org/10.1109/GLOCOM.2013.6831151

2013-01-01

Abstract:Cloud computing is broadly recognized as one of major factors in achieving more flexible, scalable, and efficient systems. However, as customers lose the direct control of their data and applications hosted by cloud providers, the trustworthiness of cloud services is a main issue that hinders the deployment of cloud applications. In this paper, we have developed a novel framework to detect compromises on physical servers in cloud services, via remote attestation with a Trusted Third Party (TTP). Furthermore, to avoid the TTP becoming a bottleneck, we have designed a cloud based TTP platform, using a small private cloud to audit large clouds. We have implemented a prototype system, and evaluated it with several common benchmarks to demonstrate its efficiency. Our experimental results show that the proposed framework is effective in detecting compromise and adds little overhead to a common IaaS cloud environment.

Wang Han-zhang,Huang Liu-sheng

DOI: https://doi.org/10.1109/iccasm.2010.5622643

2010-01-01

Abstract:Security and privacy are two prime barriers to adoption of the cloud computing. To address this problem on Infrastructure-as-a-Service model, a trusted cloud computing platform model has been proposed to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. However this model has significant drawbacks that it relies on the trusted third party outside of the cloud circumstance too much. In this paper we show how to address this issue based on the neutral feature of the Trusted Platform Module. By moving the responsibility of managing trusted platforms from the trusted third party to the trusted platforms of Infrastructure-as-a-Service model, our improved TCCP model achieves higher availability, reliability and safety.

Xu Wu,Xiaqing Xie,Chuanyi Liu,Chunwen Li

DOI: https://doi.org/10.1007/978-3-642-35795-4_28

2013-01-01

Abstract:By improving resource utilization, cloud computing can greatly save costs and get users considerable profit. However, security issues have emerged as one of the most significant barrier to faster and more widespread adoption of cloud computing. Therefore, this paper focused on the trustworthiness of infrastructure as a service (IaaS) and designed a role-based authentication trustworthiness mechanism to ensure that the different roles in IaaS architecture are trusted. What's more, this paper also considered the interactions between different roles in cloud environment and designed relevant validation protocols. At last, we also designed some benchmarks to evaluate the performance overhead of this mechanism and the results showed the costs can be very little to be neglected. © Springer-Verlag Berlin Heidelberg 2013.

LIU Chuan-yi,PAN He-zhong,LIANG Lu-lu,WANG Guo-feng,FANG Bin-xing

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00102

2016-01-01

Abstract:A ＂big clouds audited by a small cloud＂ scheme was proposed,by introducing an independent trusted third party (TTP) dealing with run-time data collection,verification,audit and evaluation remotely,in a continuous and data-driven model,compared with traditionally certification based audit.The TTP mainly adopts data flow visualization,data monitoring and encryption to protect the rights of users.It provides the basis for users to choose a trusted cloud platform and for cloud platform to prove own trusted credentials.In-depth study,the following key technologies were broken through:1) the introduction of an independent trusted third party as an intermediate layer between cloud platform and users as well as administrators; 2) continuous,real-time remote data collection and data analysis; 3) strong non-intrusive evidence gathering.

Qixu Wang,Xingshu Chen,Xin Jin,Xiang Li,Dajiang Chen,Xue Qin

DOI: https://doi.org/10.1109/jiot.2021.3084449

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The integration of the space–air–ground-integrated network and the Internet of Vehicles (IoV) enables the IoV to achieve full network coverage and better network performance. However, the large scale of the network and the complex cooperation mechanism make the credibility of the nodes in the network and the service delivery questioned. In this article, the hardware trusted module is used as the root of trust to build the trust chain and the trusted running environment and provide protection and trusted state attestation for services. In order to overcome the large-scale and high-concurrency performance bottlenecks in the remote verification of trusted states in the IoV, a novel batch remote approach for trusted states is proposed. The simulation results show that the proposed approach can effectively attest to the trusted state of each network node and virtual service in the IoV and enhance the trustworthiness of the network.

Haihe Ba,Zhiying Wang,Jiangchun Ren,Huaizhe Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.123

2014-01-01

Abstract:Cloud computing has brought academic and industry tremendous benefits and improved computing efficiency compared with the traditional model, however, the adoption of this unique model also exacerbates security challenges and raises trust risks. And existing security solutions have less effectiveness and efficiency upon these unchartered cloud threats. We introduce trusted computing into current cloud platform to address the above issues and design JVM-based Dynamic Attestation Architecture, DTEM, to support application services with robust security guarantee. This framework gives trusted-degree estimate for the deployment and runtime status of an application as well as dynamically responds remote attestation with integrity proof of running applications.

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

Xin Wan,ZhiTing Xiao,Yi Ren

DOI: https://doi.org/10.1109/mines.2012.244

2012-01-01

Abstract:Cloud computing enables organizations to realize the commercial benefits while facing the new security issues. In this paper, we presents a security model for called the Trusted Private Virtual Data center (TVPDc) that offering centralized security management of the computing and storage resources distributed in different locations and physical machines within an IaaS cloud. The TVPDc model can satisfy the need of the organizations for privacy protection and data integrity guarantees and enhances the system management capabilities in virtualized environments.

Yue Yu,Huaimin Wang,Bo Liu,Gang Yin

DOI: https://doi.org/10.1109/trustcom.2013.183

2013-01-01

Abstract:Traditional security protocols can not be trusted in some application scenarios of high security level because the endpoints integrity is ignored. In this paper, we propose a novel trusted remote attestation model which combines the secure channel and the integrity measurement architecture of trusted computing. We design and implement a prototype system based on a mature security protocol, Transport Layer Security (TLS) protocol, integrated with integrity report provided by trusted platform module (TPM). The TLS protocol guarantees the security of data exchange process and the integrity report of TPM provides the evidence about the trustworthiness and the security state of the communication endpoints. Compared by traditional approaches, our method is more efficient and can be deployed in large scale systems easily.

Chenlin Huang,Wei Chen,Lu Yuan,Yan Ding,Songlei Jian,Yusong Tan,Hua Chen,Dan Chen

DOI: https://doi.org/10.1016/j.jpdc.2020.11.002

IF: 4.542

2021-03-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the rise of concerns over security and privacy in the cloud, the "security-on-demand" service mode dynamically provides cloud customers with trusted computing environments according to their specific security needs. Major challenges, however, remain to achieve this goal: (1) integrating an auditable, tamper-resistant trust-management mechanism into the cloud infrastructure and (2) building a protocol to guarantee the consistency of customers' policies during virtual machine (VM) migrations. This study develops a new security-on-demand framework called a "policy-customized trusted cloud service" (PC-TCS) architecture that comprises two core components: an attribute-based signature (ABS)-based remote-attestation scheme to achieve trusted remote attestation with customized security policies and an ABS- and blockchain-based VM-migration protocol to support policy-customized trusted migration. To prove the availability of this architecture, we implemented a PC-TCS prototype based on Xen Hypervisor, the results of which indicate that (1) PC-TCS can be integrated into cloud infrastructure as part of a trusted computing base; (2) cloud users can customize the security policies of computing environments and validate their enforcement throughout the service life-cycle with the support of PC-TCS; and (3) PC-TCS can support policy-customized remote attestation and policy-customized migration with a minimal impact on performance.</p>

computer science, theory & methods

Zhenyu Zhao,Qingni Shen,Wu Luo,Anbang Ruan

DOI: https://doi.org/10.1007/978-3-030-41579-2_34

2020-01-01

Abstract:The security of cloud infrastructure is an important issue. Many solutions have been proposed to protect the integrity of cloud infrastructure through integrating Trusted Computing hardware. However, these existing solutions suffer from high complexity, repetition and latency. In this paper, we propose a blockchain based cloud service dependency attestation framework-CloudCoT (Cloud Chain-of-Trust). With CloudCoT which combines trusted computing and blockchain technology, cloud users are able to automatically extract the valid dependency of their applications deployed on cloud. And they can attest the valid dependency with low latency through its measurement mechanism and verification mechanism. In addition to the decentralized features, we can see that CloudCoT has higher efficiency while maintaining strong safety in experimental evaluation.

Xin Wan,XinFang Zhang,Liang Chen,Hao Jin

DOI: https://doi.org/10.1109/cis.2012.38

2012-01-01

Abstract:We introduce a model for secure managing virtual infrastructure in IaaS Cloud which called Trusted Private Virtual Datacenter (TVPDc). It can offer centralized management of the computing and storage resources distributed in different locations and physical machines within an IaaS cloud. Additionally, we propose a hierarchical management framework and a TVPDc establishment and deployment protocol for the security architecture. The TVPDc model leverages trusted computing technology and develops to address the need for privacy protection and data security guarantees to enhance systems management capabilities in virtualized environments.

Xin Wan,Zhiting Xiao,Yi Ren

DOI: https://doi.org/10.1109/MINES.2012.82

2012-01-01

Abstract:A key technology of cloud computing is virtualization, which can lead to reduce the total cost and increase the application flexibility. However along with these benefits come added security challenges. The extension of Trusted Computing to virtual environments can provide secure storage and ensure system integrity. In this paper, we describe and analyze several existing virtualization of TPM (vTPM) designs: software-based vTPM, hardware-based vTPM, para-virtualized TPM and property-based vTPM and analyze each of their limitations. We believe this to be an useful exercise to help better understand and apply the technology of virtualization of TPM in real cloud computing systems.

Ying Chen,Qingni Shen,Pengfei Sun,Yangwei Li,Zhong Chen,Sihan Qing

DOI: https://doi.org/10.1109/IPDPSW.2012.275

2012-01-01

Abstract:Infrastructure as a Service (IaaS), basically consists on the deliverance of virtual machines (VMs) to an IaaS provider, who can rise or shrink the number of VMs so as to offer fast and easy scalability according to variable workloads. However, according to the principle of Buckets Effect, the safety of the entire system relies on its most fragile component. This problem also exists in IaaS cloud. There are many VMs which co-exist in the same physical machine, but they may adopt different security protection. So this could lead VMs with the higher security requirement degrade to the lowest security level. In order to address these issues, we propose Trusted Cloud based on Security Level (TCSL), which is an integrated, secured and trusted architecture based on logical VMs' union, to separate the VMs with different sensitive and security needs from the whole cloud environment, and to meet different customer's security requirements. Experimental results demonstrate that these approaches are effective in isolating the resources with the same security requirements in a shared trusted zone which is built based on different security level. When resources need to migrate to the trusted zone, the Reliable Migration Policies will be automatically enforced and match the migrating resource to an applicable trusted zone in cloud or return a feedback concerning a suggestion. With Reliable Migration Protocol, the secure process of the migrating transaction can be guaranteed in IaaS cloud.