Authors: Jesse Elwell 1 ; Angelo Sapello 1 ; Alexander Poylisher 1 ; Giovanni Di Crescenzo 1 ; Abhrajit Ghosh 1 ; Ayumu Kubota 2 and Takashi Matsunaka 2

Affiliations: 1 Vencore Labs, United States ; 2 KDDI Research, Japan

ISBN: 978-989-758-295-0

Keyword(s): Security, Virtualization, Cloud Infrastructure, Infrastructure-as-a-Service (IAAS).

Abstract: We present the RIC (Runtime Attestation for I aas Clouds) system which uses timing-based attestation to verify the in- tegrity of a running Xen Hypervisor as well as the guest virtual machines running on top of it. As part of the RIC system we present a novel attestation technique which in- cludes not only the guest operating system's static code and read-only data sections but also the guest OS' dynamically loadable kernel modules. These attestations are conducted periodically at run-time to provide a stronger guarantee of correctness than that o ered by load-time veri cation tech- niques. A system such as RIC can be used in cloud comput- ing scenarios to verify the environment in which the cloud services ultimately run. Furthermore we o er a method to decrease the performance impact that this process has on the virtual machines that run the cloud services since these ser- vices often have very strict performance and availability re- quirements. This scheme e ectively extends the root of trust on the cloud machines from the Xen hypervisor upward to include the guest OS that runs within each virtual machine. This work represents an important step towards secure cloud computing platforms which can help cloud providers o er new services that require higher levels of security than are possible in cloud data centers today. (More)

PDF ImageFull Text

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Elwell, J.; Sapello, A.; Poylisher, A.; Di Crescenzo, G.; Ghosh, A.; Kubota, A. and Matsunaka, T. (2018). Runtime Attestation for IAAS Clouds.In Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-295-0, pages 233-247. DOI: 10.5220/0006804002330247

author={Jesse Elwell. and Angelo Sapello. and Alexander Poylisher. and Giovanni Di Crescenzo. and Abhrajit Ghosh. and Ayumu Kubota. and Takashi Matsunaka.},
title={Runtime Attestation for IAAS Clouds},
booktitle={Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},


JO - Proceedings of the 8th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Runtime Attestation for IAAS Clouds
SN - 978-989-758-295-0
AU - Elwell, J.
AU - Sapello, A.
AU - Poylisher, A.
AU - Di Crescenzo, G.
AU - Ghosh, A.
AU - Kubota, A.
AU - Matsunaka, T.
PY - 2018
SP - 233
EP - 247
DO - 10.5220/0006804002330247

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.