Scalable Attestation: A Step toward Secure and Trusted Clouds

Author

Berger, Stefan ; Goldman, Kenneth ; Pendarakis, Dimitrios ; Safford, David ; Valdez, Enriquillo ; Zohar, Mimi

Volume

2

Issue

5

fYear

2015

Firstpage

10

Lastpage

18

Abstract

Scalable attestation combines secure boot and trusted boot technologies, and extends them up into the host, its programs, and into the guest´s operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, the authors gain a simple hardware-based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud testbeds based on the QEMU/KVM hypervisor, OpenStack, and OpenAttestation, and is shown to provide significant additional integrity protection at negligible cost.

Keywords

cloud computing; computer bootstrapping; operating systems (computers); security of data; trusted computing; OpenAttestation; OpenStachardware-based geolocation attestation; QEMU-KVM hypervisor; guest operating system; hardware-based geolocation attestation; integrity appraisal; integrity attack detection; integrity attack prevention; integrity protection; regulatory requirements; remote attack; scalable attestation; secure boot technology; secure clouds; trusted boot technology; trusted clouds; Cloud computing; Computer security; Public key cryptography; Scalability; Semiconductor device measurement; Trust management; attestation; cloud; integrity; scalability; secure boot; security; trusted boot;

fLanguage

English

Journal_Title

Cloud Computing, IEEE

Publisher

ieee

ISSN

2325-6095

Type

jour

DOI

10.1109/MCC.2015.97

Filename

7331190