Retaining Data Control to the Client in Infrastructure Clouds

Cloud computing allows delivering information technology power on demand. Be it either the hosting of a certain Web application or the outsourcing of an entire server or data center by means of virtualization. Applying these techniques however goes along with handing over the ultimate control of data to a third party. This paper investigates the application of Nimbus as a cloud resource and shows an example implementation for retaining data control to the user based on virtual machine images encrypted on the client side. This means that the procedures involved for verifying validity and accessing the virtual machine have to be entirely provided by the user. We provide a sample implementation of a secure virtual machine consisting of an encrypted partition, containing the data to be hosted, and a boot system, containing the logic to verify and access the encrypted partition. Further details of the implementation are described and applied on a cloud resource available within the AustrianGrid project. The methods presented in this paper form the basis for subsequent research on single point of access grid resp. cloud resources. The results will be applied in the AustrianGrid Phase 2 research project "Grid-supported Breath Gas Analysis of Molecular Oriented Diseases".