Lund University Publications

LUND UNIVERSITY LIBRARIES

Providing User Security Guarantees in Public Infrastructure Clouds

Paladi, Nicolae LU; Gehrmann, Christian LU and Michalas, Antonis (2017) In IEEE Transactions on Cloud Computing 5(3). p.405-419
Abstract

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants, insulated from the minutiae of hardware maintenance, rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

type
Contribution to journal
publication status
published
keywords
cloud computing, Security, storage protection, trusted computing
in
IEEE Transactions on Cloud Computing
volume
5
issue
3
article number
7399365
pages
15 pages
publisher
IEEE - Institute of Electrical and Electronics Engineers Inc.
external identifiers
  • scopus:85029938241
DOI
10.1109/TCC.2016.2525991
language
English
LU publication?
no
id
895a9b33-c9ba-4c9a-8756-bc2ae1dedf09
date added to LUP
2018-11-21 16:51:37
date last changed
2022-04-10 03:45:18
@article{895a9b33-c9ba-4c9a-8756-bc2ae1dedf09,
  abstract     = {{The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants, insulated from the minutiae of hardware maintenance, rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.}},
  author       = {{Paladi, Nicolae and Gehrmann, Christian and Michalas, Antonis}},
  keywords     = {{cloud computing; Security; storage protection; trusted computing}},
  language     = {{eng}},
  month        = {{07}},
  number       = {{3}},
  pages        = {{405--419}},
  publisher    = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  series       = {{IEEE Transactions on Cloud Computing}},
  title        = {{Providing User Security Guarantees in Public Infrastructure Clouds}},
  url          = {{http://dx.doi.org/10.1109/TCC.2016.2525991}},
  doi          = {{10.1109/TCC.2016.2525991}},
  volume       = {{5}},
  year         = {{2017}},
}