A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain
Abstract
In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. Under privacy protection, however, it is a major challenge to ensure both that the files in the user virtual machine are secure and that the virtual machine’s behavior does not affect other virtual machines. This paper presents a trusted measurement model based on dynamic policy and privacy protection in the IaaS security domain, called TMMDP. The model first proposes a measurement architecture that divides the trusted measurement of the user virtual machine into the trust of files in the virtual machine and trusted network behavior. The trusted measurement is carried out through front-end and back-end modules. The paper then describes in detail the trusted measurement process in the two modules. Because the front-end module resides in the guest virtual machine, the paper also describes a protocol to ensure the integrity of that module. Finally, a security analysis shows that the model addresses the security challenges of the user virtual machine in IaaS environments.