DOI: 10.1145/2046660.2046665
research-article

Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications

Published: 21 October 2011

Abstract

The applications we use are increasingly packaged as network services running in the cloud under the control of a service provider. Users of these services have no basis to determine if these services are trustworthy, beyond the assurances of the service provider. Our work addresses the problem of how to build support for trustworthy services in the cloud, within the context of a larger trust management framework.
This paper shows how users can gain insights and trust into service applications by leveraging trust in a neutral third party: a cloud provider that hosts application services on an infrastructure and platform that it controls. A trusted cloud provider may act as a root of trust to attest cloud-hosted services to their clients: a trusted platform cloud. We have prototyped this approach in a trusted platform-as-a-service cloud provider supporting a Python/Django web framework. The cloud provider seals instances of service applications and attests their Python source code to external users. Once launched and attested, service instances run with an independent identity and are isolated from tampering by the cloud customer, except through well-defined operator interfaces that are part of the service definition.



    Published In

    CCSW '11: Proceedings of the 3rd ACM workshop on Cloud computing security workshop
    October 2011
    138 pages
    ISBN:9781450310048
    DOI:10.1145/2046660
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tag

    1. cloud computing

    Qualifiers

    • Research-article

    Conference

    CCS'11

    Acceptance Rates

    Overall Acceptance Rate 37 of 108 submissions, 34%
