Abstract
Operational security assurance of a networked system requires providing constant and up-to-date evidence of its operational state. In a cloud-based environment, we deploy our services as virtual guests running on external hosts. As this environment is not under our full control, we have to find ways to provide assurance that the security information provided from this environment is accurate, and that our software is running in the expected environment. In this paper, we present an architecture for providing increased confidence in measurements of such cloud-based deployments. The architecture is based on a set of deployed measurement probes and trusted platform modules (TPMs) across both the host infrastructure and guest virtual machines. The TPMs are used to verify the integrity of the probes and the measurements they provide. This allows us to ensure that the system is running in the expected environment, that the monitoring probes have not been tampered with, and that the integrity of the measurement data provided is maintained. Overall, this gives us a basis for increased confidence in the security of running parts of our system in an external cloud-based environment.
Original language | English |
---|---|
Title of host publication | Cloud Engineering (IC2E), 2015 IEEE International Conference on |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 195 - 200 |
ISBN (Electronic) | 978-1-4799-8218-9 |
Publication status | Published - 23 Apr 2015 |
MoE publication type | A4 Article in a conference publication |
Event | IEEE International Conference on Cloud Engineering - Tempe, United States. Duration: 9 Mar 2015 → 13 Mar 2015 |
Conference
Conference | IEEE International Conference on Cloud Engineering |
---|---|
Abbreviated title | IC2E |
Country/Territory | United States |
City | Tempe |
Period | 9/03/15 → 13/03/15 |
Keywords
- computer architecture
- cryptography
- monitoring
- probes
- servers
- virtual machining