Opportunities in Using a Secure Element to Increase Confidence in Cloud Security Monitoring

In this paper we discuss applications of a secure element (SE) such as trusted platform module (TPM) for increasing confidence in cloud security monitoring from the cloud customer viewpoint. Monitoring security of cloud-based systems is similar in many ways to traditional in-house networks, but with the difference that the actual hardware is hosted by an external party and not under our control. This provides some unique challenges and opportunities for security monitoring. We discuss these challenges, identify related opportunities for SE use, and use these to present solutions to the identified challenges. This is based on three different use cases identified together with our industry partners. These are the monitoring of elements of the host infrastructure, monitoring our virtualized guest instances running on this infrastructure, and collecting and archiving log data for later external auditing of the cloud customer services. For each of these, we describe the problem area and different ways we have applied a TPM to increase trust and visibility.