Bridging the GAP between Software Certification and Trusted Computing for Securing Cloud Computing

Despite the fact that software security certification has important advantages; among these we highlighted that it allows to increase users´ trust by means of attesting security properties. However, in most of cases the system that is subject of certification is considered to be monolithic. This fact implies that existing certification schemes do not provide support for dynamic changes of components as required in Cloud Computing scenarios. In existing certification schemes certificates refer to a particular version of the product or system, changes in the system structure require a process of recertification. We propose a solution based on the combination of software certification techniques and hardware-based certification, as those provided by the Trusted Computing technology. Likewise, the main target of our approach is bringing the gap existing between the software certification and the means for hardware certification, in order to provide a solution for the whole system certification using Trusted Computing technology.