Trustable outsourcing of business processes to cloud computing environments

Cloud Computing, the next generation of Internet-based services, will allow cost-effective outsourcing of applications and business processes. However, outsourcing business processes to potentially untrusted servers poses significant security and privacy problems. Despite having no direct control over the hardware platform on which the business processes run, clients still need to obtain assurance of correct execution. In this paper, we propose an architecture based on Trusted Computing technologies that allows fine-granular and policy-based remote attestation of outsourced business processes running on remote hosts. In particular, we let the provider generate, during execution of the business process, secure execution logs that allow to verify correct execution of the process at a later time by the client. Our architecture allows a cloud provider to host business processes for multiple tenants, considering at the same time multi-instance processes. We show how such an architecture can be implemented using Trusted Computing technologies, traditional virtualization technologies like Xen and the ODE process engine.