DocumentCode :
3264634
Title :
TSD: A Flexible Root of Trust for the Cloud
Author :
Chang, Dexian ; Chu, Xiaobo ; Qin, Yu ; Feng, Dengguo
fYear :
2012
fDate :
25-27 June 2012
Firstpage :
119
Lastpage :
126
Abstract :
Because the tight one-to-one binding between the Trusted Platform Module (TPM) and a single platform lacks flexibility and scalability, the TPM cannot be directly applied to the cloud virtualization platform, on which several user domains (VMs) run concurrently. To establish trust in the cloud, we propose the Trusted Service Domain (TSD) as a novel root of trust for the cloud. As an independent functional domain, the TSD is able to provide trusted services to multiple user domains on the cloud virtualization platform. We first extend the existing trusted chain to secure the TSD, and generate independent key hierarchies for the user domains in the TSD to support the cryptography service and secure storage. We then design a secure communication mechanism to protect inter-domain data, and present a migration scheme for the TSD in the cloud. Finally, we detail our implementation of the prototype system and analyze the security of the TSD. Preliminary experimental results show that the TSD is more efficient than existing schemes at trusted command handling and migration, which satisfies the flexible deployment and rapid migration requirements of the cloud virtualization platform.
Keywords :
cloud computing; cryptography; virtual machines; virtualisation; TSD; VM; cloud virtualization platform; cryptography service; interdomain data protection; migration scheme; secure communication mechanism; secure storage; trust root; trusted commands handling; trusted service domain; virtual machines; Booting; Cloud computing; Computer architecture; Cryptography; Hardware; Cloud Virtualization platform; Migration; Root of Trust; TPM; Trusted Computing;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
Type :
conf
DOI :
10.1109/TrustCom.2012.287
Filename :
6295966