Runtime Attestation for IAAS Clouds

Jesse Elwell, Angelo Sapello, Alexander Poylisher, Giovanni Di Crescenzo, Abhrajit Ghosh, Ayumu Kubota, Takashi Matsunaka

2018

Abstract

We present the RIC (Runtime Attestation for IaaS Clouds) system which uses timing-based attestation to verify the integrity of a running Xen Hypervisor as well as the guest virtual machines running on top of it. As part of the RIC system we present a novel attestation technique which includes not only the guest operating system's static code and read-only data sections but also the guest OS' dynamically loadable kernel modules. These attestations are conducted periodically at run-time to provide a stronger guarantee of correctness than that offered by load-time verification techniques. A system such as RIC can be used in cloud computing scenarios to verify the environment in which the cloud services ultimately run. Furthermore we offer a method to decrease the performance impact that this process has on the virtual machines that run the cloud services since these services often have very strict performance and availability requirements. This scheme effectively extends the root of trust on the cloud machines from the Xen hypervisor upward to include the guest OS that runs within each virtual machine. This work represents an important step towards secure cloud computing platforms which can help cloud providers offer new services that require higher levels of security than are possible in cloud data centers today.


Paper Citation


in Harvard Style

Elwell J., Sapello A., Poylisher A., Di Crescenzo G., Ghosh A., Kubota A. and Matsunaka T. (2018). Runtime Attestation for IAAS Clouds. In Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-295-0, pages 233-247. DOI: 10.5220/0006804002330247


in Bibtex Style

@conference{closer18,
author={Jesse Elwell and Angelo Sapello and Alexander Poylisher and Giovanni Di Crescenzo and Abhrajit Ghosh and Ayumu Kubota and Takashi Matsunaka},
title={Runtime Attestation for IAAS Clouds},
booktitle={Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2018},
pages={233-247},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006804002330247},
isbn={978-989-758-295-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - Runtime Attestation for IAAS Clouds
SN - 978-989-758-295-0
AU - Elwell J.
AU - Sapello A.
AU - Poylisher A.
AU - Di Crescenzo G.
AU - Ghosh A.
AU - Kubota A.
AU - Matsunaka T.
PY - 2018
SP - 233
EP - 247
DO - 10.5220/0006804002330247