mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Secure Service Provisioning in a Public Cloud
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0003-3223-4234
2012 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with the security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user to benefit from the opportunities offered by the cloud computing. Based upon our findings from the security requirements analysis,we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which include mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.

Place, publisher, year, edition, pages
Mälardalen Univsersity , 2012. , 140 p.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 157
Keyword [en]
VM migration, trusted platforms, cloud security, IaaS, TPM, Security, Trusted Computing, Virtualization, Cloud Computing, trust
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-15243ISBN: 978-91-7485-081-9 (print)OAI: oai:DiVA.org:mdh-15243DiVA: diva2:550493
Presentation
2012-10-09, Delta, Mälardalen University, Västerås, 13:15 (English)
Opponent
Supervisors
Funder
Vinnova
Available from: 2012-09-07 Created: 2012-09-06 Last updated: 2013-12-03Bibliographically approved
List of papers
1. Security Considerations for Virtual Platform Provisioning
Open this publication in new window or tab >>Security Considerations for Virtual Platform Provisioning
2011 (English)In: PROCEEDINGS OF THE 10TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, Reading, 2011, 283-290 p.Conference paper, Published paper (Refereed)
Abstract [en]

The concept of virtualization is not new but leveraging virtualization in different modes and at different layers has revolutionized its usage scenarios. Virtualization can be applied at application layer to create sandbox environment, operating system layer to virtualize shared system resources (e.g. memory, CPU), at platform level or in any other useful possible hybrid scheme. When virtualization is applied at platform level, the resulting virtualized platform can run multiple virtual machines as if they were physically separated real machines. Provisioning virtualized platforms in this way is often also referred to as Infrastructure-as-a-Service or Platform-as-a-Service when full hosting and application support is also offered. Different business models, like data-centers or telecommunication providers and operators, can get business benefits by using platform virtualization due to the possibility of increased resource utilization and reduced upfront infrastructure setup expenditures. This opportunity comes together with new security issues. An organization that runs services in form of virtual machine images on an offered platform needs security guarantees. In short, it wants evidence that the platforms it utilizes are trustworthy and that sensitive information is protected. Even if this sounds natural and straight forward, few attempts have been made to analyze in details what these expectations means from a security technology perspective in a realistic deployment scenario. In this paper we present a telecommunication virtualized platform provisioning scenario with two major stakeholders, the operator who utilizes virtualized telecommunication platform resources and the service provider, who offers such resources to operators. We make threats analysis for this scenario and derive major security requirements from the different stakeholders’ perspectives. Through investigating a particular virtual machine provisioning use case, we take the first steps towards a better understanding of the major security obstacles with respect to platform service offerings. The last couple of years we have seen increased activities around security for clouds regarding different usage and business models. We contribute to this important area through a thorough security analysis of a concrete deployment scenario. Finally, we use the security requirements derived through the analysis to make a comparison with contemporary related research and to identify future research challenges in the area.

Place, publisher, year, edition, pages
Reading: , 2011
Keyword
security; trust; virtualization; virtual private server; telecommunication networks, clouds
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-15234 (URN)978-1-908272-07-2 (ISBN)978-1-908272-06-5 (ISBN)
Conference
European Conference on Information Warfare and Security ECIW-2011, 7-8 July 2011, Tallin,Estonia.
Available from: 2012-09-06 Created: 2012-09-06 Last updated: 2014-06-24Bibliographically approved
2. Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud
Open this publication in new window or tab >>Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud
2012 (English)In: CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, 2012, 511-521 p.Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis.

Keyword
Security, Trusted Computing, Virtualization, Cloud Computing, IaaS
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-15237 (URN)2-s2.0-84864878200 (Scopus ID)978-989-8565-05-1 (ISBN)
Conference
The 2nd International Conference on Cloud Computing and Services Science, CLOSER 2012, 18-21 April 2012, Porto, Portugal
Funder
Vinnova
Available from: 2012-09-06 Created: 2012-09-06 Last updated: 2014-06-24Bibliographically approved
3. Security and Trust Preserving VM Migrations in Public Clouds
Open this publication in new window or tab >>Security and Trust Preserving VM Migrations in Public Clouds
2012 (English)In: Proceedings of the 11th IEEE International Conference onTrust, Security and Privacy in Computingand Communications (TrustCom-2012), IEEE Computer Society Digital Library, 2012, 869-876 p.Conference paper, Presentation (Refereed)
Abstract [en]

In this paper we consider the security and trustimplications of virtual machine (VM) migration from one cloudplatform to the other in an Infrastructure-as-a-Service (IaaS) cloud service model. We show how to extend and complement previous Trusted Computing techniques for secure VM launchto also cover the VM migration case. In particular, we propose a Trust_Token based VM migration protocol which guarantees that the user VM can only be migrated to a trustworthy cloud platform. Different from previous schemes, our solution is not dependent on an active (on-line) trusted third party. We show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2012
Keyword
VM migration, trusted platforms, cloud security, IaaS, TPM
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-15239 (URN)10.1109/TrustCom.2012.256 (DOI)2-s2.0-84868116561 (Scopus ID)978-0-7695-4745-9 (ISBN)
Conference
2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK, 25-27 June 2012
Funder
VINNOVA
Available from: 2012-09-06 Created: 2012-09-06 Last updated: 2016-05-17Bibliographically approved
4. Protecting Private Data in the Cloud
Open this publication in new window or tab >>Protecting Private Data in the Cloud
2012 (English)In: CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, SciTePress, 2012, 5-12 p.Conference paper, Published paper (Refereed)
Abstract [en]

Companies that process business critical and secret data are reluctant to use utility and cloud computing for the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing or installing eaves-dropping software on the machine that holds the client’s valuable data. Clients are monitored via machine code probes that are inlined into the clients’ programs at runtime. The system enables the cloud provider to install and remove software probes into the machine code without stopping the client’s program, and it prevents the provider from installing probes not granted by the client.

Place, publisher, year, edition, pages
SciTePress: , 2012
Keyword
Cloud Computing, Virtualization, Trusted Computing, Binary Translation
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-15240 (URN)2-s2.0-84864866703 (Scopus ID)978-989-8565-05-1 (ISBN)
Conference
The 2nd International Conference on Cloud Computing and Services Science, CLOSER 2012, 18-21 April 2012, Porto, Portugal
Funder
Vinnova
Available from: 2012-09-06 Created: 2012-09-06 Last updated: 2013-12-03Bibliographically approved

Open Access in DiVA

fulltext(973 kB)1278 downloads
File information
File name FULLTEXT02.pdfFile size 973 kBChecksum SHA-512
44cb9967c7c9a726f711cd9c5f46dbe85cdf28fc1feb9ca5db9fcde408f7d326c906ef1c2fccf4ccf9ac9dc713a41cb90671426f7501e596ff8b20154f05b412
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Aslam, Mudassar
By organisation
School of Innovation, Design and Engineering
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 1278 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 886 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf