Architecture for high confidence cloud security monitoring

Teemu Kanstrén, Sami Lehtonen, Reijo Savola, Hilkka Kukkohovi, Kimmo Hätönen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

4 Citations (Scopus)

Abstract

Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPM) across both the host infrastructure and guest virtual machines. The TPM are used to verify the integrity of the probes and measurements they provide. This allows us to ensure that the system is running in the expected environment, the monitoring probes have not been tampered with, and the integrity of measurement data provided is maintained. Overall this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.
Original language: English
Title of host publication: Cloud Engineering (IC2E), 2015 IEEE International Conference on
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 195 - 200
ISBN (Electronic): 978-1-4799-8218-9
DOIs: https://doi.org/10.1109/IC2E.2015.21
Publication status: Published - 23 Apr 2015
MoE publication type: A4 Article in a conference publication
Event: IEEE International Conference on Cloud Engineering, Tempe, United States
Duration: 9 Mar 2015 to 13 Mar 2015

Conference

Conference: IEEE International Conference on Cloud Engineering
Abbreviated title: IC2E
Country: United States
City: Tempe
Period: 9/03/15 to 13/03/15

Fingerprint

Monitoring
Hardware security
Virtual machine

Keywords

  • computer architecture
  • cryptography
  • monitoring
  • probes
  • servers
  • virtual machining

Cite this

Kanstrén, T., Lehtonen, S., Savola, R., Kukkohovi, H., & Hätönen, K. (2015). Architecture for high confidence cloud security monitoring. In Cloud Engineering (IC2E), 2015 IEEE International Conference on (pp. 195 - 200). IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/IC2E.2015.21
Kanstrén, Teemu; Lehtonen, Sami; Savola, Reijo; Kukkohovi, Hilkka; Hätönen, Kimmo. / Architecture for high confidence cloud security monitoring. Cloud Engineering (IC2E), 2015 IEEE International Conference on. IEEE Institute of Electrical and Electronic Engineers, 2015. pp. 195 - 200
@inproceedings{9cef6687a3da4553a17005218cc321eb,
title = "Architecture for high confidence cloud security monitoring",
abstract = "Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPM) across both the host infrastructure and guest virtual machines. The TPM are used to verify the integrity of the probes and measurements they provide. This allows us to ensure that the system is running in the expected environment, the monitoring probes have not been tampered with, and the integrity of measurement data provided is maintained. Overall this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.",
keywords = "computer architecture, cryptography, monitoring, probes, servers, virtual machining",
author = "Teemu Kanstr{\'e}n and Sami Lehtonen and Reijo Savola and Hilkka Kukkohovi and Kimmo H{\"a}t{\"o}nen",
year = "2015",
month = "4",
day = "23",
doi = "10.1109/IC2E.2015.21",
language = "English",
pages = "195 -- 200",
booktitle = "Cloud Engineering (IC2E), 2015 IEEE International Conference on",
publisher = "IEEE Institute of Electrical and Electronic Engineers",
address = "United States",
}

Kanstrén, T, Lehtonen, S, Savola, R, Kukkohovi, H & Hätönen, K 2015, Architecture for high confidence cloud security monitoring. in Cloud Engineering (IC2E), 2015 IEEE International Conference on. IEEE Institute of Electrical and Electronic Engineers, pp. 195 - 200, IEEE International Conference on Cloud Engineering, Tempe, United States, 9/03/15. https://doi.org/10.1109/IC2E.2015.21

Architecture for high confidence cloud security monitoring. / Kanstrén, Teemu; Lehtonen, Sami; Savola, Reijo; Kukkohovi, Hilkka; Hätönen, Kimmo.

Cloud Engineering (IC2E), 2015 IEEE International Conference on. IEEE Institute of Electrical and Electronic Engineers, 2015. p. 195 - 200.

TY  - GEN
T1  - Architecture for high confidence cloud security monitoring
AU  - Kanstrén, Teemu
AU  - Lehtonen, Sami
AU  - Savola, Reijo
AU  - Kukkohovi, Hilkka
AU  - Hätönen, Kimmo
PY  - 2015/4/23
Y1  - 2015/4/23
N2  - Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPM) across both the host infrastructure and guest virtual machines. The TPM are used to verify the integrity of the probes and measurements they provide. This allows us to ensure that the system is running in the expected environment, the monitoring probes have not been tampered with, and the integrity of measurement data provided is maintained. Overall this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.
AB  - Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPM) across both the host infrastructure and guest virtual machines. The TPM are used to verify the integrity of the probes and measurements they provide. This allows us to ensure that the system is running in the expected environment, the monitoring probes have not been tampered with, and the integrity of measurement data provided is maintained. Overall this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.
KW  - computer architecture
KW  - cryptography
KW  - monitoring
KW  - probes
KW  - servers
KW  - virtual machining
U2  - 10.1109/IC2E.2015.21
DO  - 10.1109/IC2E.2015.21
M3  - Conference article in proceedings
SP  - 195
EP  - 200
BT  - Cloud Engineering (IC2E), 2015 IEEE International Conference on
PB  - IEEE Institute of Electrical and Electronic Engineers
ER  -

Kanstrén T, Lehtonen S, Savola R, Kukkohovi H, Hätönen K. Architecture for high confidence cloud security monitoring. In Cloud Engineering (IC2E), 2015 IEEE International Conference on. IEEE Institute of Electrical and Electronic Engineers. 2015. p. 195 - 200. https://doi.org/10.1109/IC2E.2015.21