Design and Deployment of a Trusted Eucalyptus Cloud

Shift from traditional software models to the Internet has been steadily gaining momentum over the last 10 years. Moving business applications to the shared utility infrastructure of the cloud with its pay-as-you-go and auto scaling features has become significantly more viable for small and medium sized businesses rather then setting up their own software and hardware infrastructure. However before clouds can reach their full potential and be wholeheartedly adopted there is a need to address the concern of privacy advocates who question the weakness of the model from being able to prevent the monitoring at will, lawfully or unlawfully of the user communication and data stored by the cloud hosting provider. Eucalyptus[?] is an open source cloud computing software framework that implements the Cloud Service Model commonly known as Infrastructure as a Service (IaaS). The IaaS model allows users to run and control entire virtual machines on cloud Infrastructure. However one of the main privacy issues in cloud Infrastructure such as Eucalyptus is to ensure the integrity and confidentiality of user data and computation. In this paper we describe the design and deployment of a Trusted Eucalyptus cloud architecture based on remote attestation via Trusted Platform Modules (TPM). Trusted Eucalyptus guarantees users that their virtual machines execute only on cloud nodes, whose integrity is valid. Our experimental results show that Trusted Eucalyptus cloud is practical in terms of performance.