Author:
Schiffman, Joshua; Yuqiong Sun; Vijayakumar, Hayawardh; Jaeger, Tobias
Abstract:
Cloud computing has commoditized compute, storage, and networking resources, creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platforms' lack of transparency, which leaves customers unsure whether their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee they could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services with which customers validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof-of-concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.
Keywords:
cloud computing; cryptography; virtual machines; CV; IaaS clouds; OpenStack cloud platform; VM instances; VM load-time; cloud application performance; cloud monitoring services; cloud vendors; cloud verifier; encryption; hosted virtual machine instances; infrastructure as a service clouds; run-time properties; verifiable auditing service; Computer architecture; Databases; Monitoring; Protocols; Runtime; Servers; cloud; integrity; monitoring