Architecture for high confidence cloud security monitoring

Teemu Kanstrén, Sami Lehtonen, Reijo Savola, Hilkka Kukkohovi, Kimmo Hätönen

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    5 Citations (Scopus)

    Abstract

    Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment, we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate and that our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of measurement probes and trusted platform modules (TPMs) deployed across both the host infrastructure and guest virtual machines. The TPMs are used to verify the integrity of the probes and of the measurements they provide. This allows us to ensure that the system is running in the expected environment, that the monitoring probes have not been tampered with, and that the integrity of the measurement data provided is maintained. Overall, this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.
    Original language: English
    Title of host publication: Cloud Engineering (IC2E), 2015 IEEE International Conference on
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 195-200
    ISBN (Electronic): 978-1-4799-8218-9
    DOI: https://doi.org/10.1109/IC2E.2015.21
    Publication status: Published - 23 Apr 2015
    MoE publication type: A4 Article in a conference publication
    Event: IEEE International Conference on Cloud Engineering - Tempe, United States
    Duration: 9 Mar 2015 to 13 Mar 2015

    Conference

    Conference: IEEE International Conference on Cloud Engineering
    Abbreviated title: IC2E
    Country: United States
    City: Tempe
    Period: 9/03/15 to 13/03/15

    Keywords

    • computer architecture
    • cryptography
    • monitoring
    • probes
    • servers
    • virtual machining

    Cite this

    Kanstrén, T., Lehtonen, S., Savola, R., Kukkohovi, H., & Hätönen, K. (2015). Architecture for high confidence cloud security monitoring. In Cloud Engineering (IC2E), 2015 IEEE International Conference on (pp. 195-200). IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/IC2E.2015.21