Providing User Security Guarantees in Public Infrastructure Clouds
(2017) In IEEE Transactions on Cloud Computing 5(3). p.405-419- Abstract
The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants-insulated from the minutiae of hardware maintenance-rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the... (More)
The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants-insulated from the minutiae of hardware maintenance-rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.
(Less)
- author
- Paladi, Nicolae LU ; Gehrmann, Christian LU and Michalas, Antonis
- publishing date
- 2017-07-01
- type
- Contribution to journal
- publication status
- published
- subject
- keywords
- cloud computing, Security, storage protection, trusted computing
- in
- IEEE Transactions on Cloud Computing
- volume
- 5
- issue
- 3
- article number
- 7399365
- pages
- 15 pages
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- external identifiers
-
- scopus:85029938241
- DOI
- 10.1109/TCC.2016.2525991
- language
- English
- LU publication?
- no
- id
- 895a9b33-c9ba-4c9a-8756-bc2ae1dedf09
- date added to LUP
- 2018-11-21 16:51:37
- date last changed
- 2022-04-10 03:45:18
@article{895a9b33-c9ba-4c9a-8756-bc2ae1dedf09, abstract = {{<p>The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants-insulated from the minutiae of hardware maintenance-rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.</p>}}, author = {{Paladi, Nicolae and Gehrmann, Christian and Michalas, Antonis}}, keywords = {{cloud computing; Security; storage protection; trusted computing}}, language = {{eng}}, month = {{07}}, number = {{3}}, pages = {{405--419}}, publisher = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}}, series = {{IEEE Transactions on Cloud Computing}}, title = {{Providing User Security Guarantees in Public Infrastructure Clouds}}, url = {{http://dx.doi.org/10.1109/TCC.2016.2525991}}, doi = {{10.1109/TCC.2016.2525991}}, volume = {{5}}, year = {{2017}}, }