Scalable Attestation: A Step Toward Secure and Trusted Clouds

Author

Berger, Stefan ; Goldman, Kenneth ; Pendarakis, Dimitrios ; Safford, David ; Valdez, Enriquillo ; Zohar, Mimi

Author_Institution

IBM T.J. Watson Res. Center, Yorktown Heights, NY, USA

fYear

2015

fDate

9-13 March 2015

Firstpage

185

Lastpage

194

Abstract

In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guest´s operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, we gain a simple hardware based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud test beds based on the QEMU/KVM hypervisor, Open Stack, and Open Attestation, and is shown to provide significant additional integrity protection at negligible cost.

Keywords

cloud computing; operating systems (computers); security of data; trusted computing; Open Attestation; Open Stack; QEMU/KVM hypervisor; cloud test beds; guest operating system; hardware based geolocation attestation; hardware rooted attestation; integrity attack detection; integrity attack prevention; integrity protection; regulatory requirements; scalable attestation; secure boot; secure clouds; trusted boot technologies; trusted clouds; Appraisal; Hardware; Kernel; Linux; Public key; Semiconductor device measurement; Attestation; Integrity; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Cloud Engineering (IC2E), 2015 IEEE International Conference on

Conference_Location

Tempe, AZ

Type

conf

DOI

10.1109/IC2E.2015.32

Filename

7092916