mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security Considerations for Virtual Platform Provisioning
2011 (English)In: PROCEEDINGS OF THE 10TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, Reading, 2011, 283-290 p.Conference paper, Published paper (Refereed)
Abstract [en]

The concept of virtualization is not new but leveraging virtualization in different modes and at different layers has revolutionized its usage scenarios. Virtualization can be applied at application layer to create sandbox environment, operating system layer to virtualize shared system resources (e.g. memory, CPU), at platform level or in any other useful possible hybrid scheme. When virtualization is applied at platform level, the resulting virtualized platform can run multiple virtual machines as if they were physically separated real machines. Provisioning virtualized platforms in this way is often also referred to as Infrastructure-as-a-Service or Platform-as-a-Service when full hosting and application support is also offered. Different business models, like data-centers or telecommunication providers and operators, can get business benefits by using platform virtualization due to the possibility of increased resource utilization and reduced upfront infrastructure setup expenditures. This opportunity comes together with new security issues. An organization that runs services in form of virtual machine images on an offered platform needs security guarantees. In short, it wants evidence that the platforms it utilizes are trustworthy and that sensitive information is protected. Even if this sounds natural and straight forward, few attempts have been made to analyze in details what these expectations means from a security technology perspective in a realistic deployment scenario. In this paper we present a telecommunication virtualized platform provisioning scenario with two major stakeholders, the operator who utilizes virtualized telecommunication platform resources and the service provider, who offers such resources to operators. We make threats analysis for this scenario and derive major security requirements from the different stakeholders’ perspectives. Through investigating a particular virtual machine provisioning use case, we take the first steps towards a better understanding of the major security obstacles with respect to platform service offerings. The last couple of years we have seen increased activities around security for clouds regarding different usage and business models. We contribute to this important area through a thorough security analysis of a concrete deployment scenario. Finally, we use the security requirements derived through the analysis to make a comparison with contemporary related research and to identify future research challenges in the area.

Place, publisher, year, edition, pages
Reading, 2011. 283-290 p.
Keyword [en]
security; trust; virtualization; virtual private server; telecommunication networks, clouds
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-15234ISBN: 978-1-908272-07-2 (print)ISBN: 978-1-908272-06-5 (print)OAI: oai:DiVA.org:mdh-15234DiVA: diva2:550249
Conference
European Conference on Information Warfare and Security ECIW-2011, 7-8 July 2011, Tallin,Estonia.
Available from: 2012-09-06 Created: 2012-09-06 Last updated: 2014-06-24Bibliographically approved
In thesis
1. Secure Service Provisioning in a Public Cloud
Open this publication in new window or tab >>Secure Service Provisioning in a Public Cloud
2012 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with the security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user to benefit from the opportunities offered by the cloud computing. Based upon our findings from the security requirements analysis,we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which include mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.

Place, publisher, year, edition, pages
Mälardalen Univsersity, 2012. 140 p.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 157
Keyword
VM migration, trusted platforms, cloud security, IaaS, TPM, Security, Trusted Computing, Virtualization, Cloud Computing, trust
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-15243 (URN)978-91-7485-081-9 (ISBN)
Presentation
2012-10-09, Delta, Mälardalen University, Västerås, 13:15 (English)
Opponent
Supervisors
Funder
Vinnova
Available from: 2012-09-07 Created: 2012-09-06 Last updated: 2013-12-03Bibliographically approved
2. Bringing Visibility in the Clouds: using Security, Transparency and Assurance Services
Open this publication in new window or tab >>Bringing Visibility in the Clouds: using Security, Transparency and Assurance Services
2014 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The evolution of cloud computing allows the provisioning of IT resources over the Internet and promises many benefits for both - the service users and providers. Despite various benefits offered by cloud based services, many users hesitate in moving their IT systems to the cloud mainly due to many new security problems introduced by cloud environments. In fact, the characteristics of cloud computing become basis of new problems, for example, support of third party hosting introduces loss of user control on the hardware; similarly, on-demand availability requires reliance on complex and possibly insecure API interfaces; seamless scalability relies on the use of sub-providers; global access over public Internet exposes to broader attack surface; and use of shared resources for better resource utilization introduces isolation problems in a multi-tenant environment. These new security issues in addition to existing security challenges (that exist in today's classic IT environments) become major reasons for the lack of user trust in cloud based services categorized in Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS).

The focus of this thesis is on IaaS model which allows users to lease IT resources (e.g. computing power, memory, storage, etc.) from a public cloud to create Virtual Machine (VM) instances. The public cloud deployment model considered in this thesis exhibits most elasticity (i.e. degree of freedom to lease/release IT resources according to user demand) but is least secure as compared to private or hybrid models. As a result, public clouds are not trusted for many use cases which involve processing of security critical data such as health records, financial data, government data, etc. However, public IaaS clouds can also be made trustworthy and viable for these use cases by providing better transparency and security assurance services for the user. In this thesis, we consider such assurance services and identify security aspects which are important for making public clouds trustworthy. Based upon our findings, we propose solutions which promise to improve cloud transparency thereby realizing trustworthy clouds.

The solutions presented in this thesis mainly deal with the secure life cycle management of the user VM which include protocols and their implementation for secure VM launch and migration. The VM launch and migration solutions ensure that the user VM is always hosted on correct cloud platforms which are setup according to a profile that fulfills the use case relevant security requirements. This is done by using an automated platform security audit and certification mechanism which uses trusted computing and security automation techniques in an integrated solution. In addition to provide the assurance about the cloud platforms, we also propose a solution which provides assurance about the placement of user data in correct and approved geographical locations which is critical from many legal aspects and usually an important requirement of the user. Finally, the assurance solutions provided in this thesis increase cloud transparency which is important for user trust and to realize trustworthy clouds.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2014
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 161
Keyword
Cloud Security, Trusted Computing, Trustworthy Clouds, Cloud Audits, Security Automation, SCAP, Virtual Machine
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-25376 (URN)978-91-7485-156-4 (ISBN)
Public defence
2014-09-05, Kappa, Mälardalen University, Västerås, 10:00 (English)
Opponent
Supervisors
Available from: 2014-06-24 Created: 2014-06-24 Last updated: 2014-08-20Bibliographically approved

Open Access in DiVA

No full text

Other links

10th European Conference on Information Warfare and Security

Search in DiVA

By author/editor
Aslam, MudassarGehrmann, Christian
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

Total: 128 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf