Infrastructure as a Service (laaS) has brought advantages to users because virtualization technology hides the details of the physical resources, but this leads to the problem of users being unable to perceive their...Infrastructure as a Service (laaS) has brought advantages to users because virtualization technology hides the details of the physical resources, but this leads to the problem of users being unable to perceive their security. This defect has obstructed cloud computing from wide-spread popularity and development. To solve this problem, a dynamic measurement protocol in laaS is presented in this paper. The protocol makes it possible for the user to get the real-time security status of the resources, thereby solving the problem of guaranteeing dynamic credibility. This changes the cloud service security provider from the operator to the users themselves. This study has verified the security of the protocol by means of Burrow-Abadi-Needham (BAN) logic, and the result shows that it can satisfy requirements for innovation, privacy, and integrity. Finally, based on different laaS platforms, this study has conducted a performance analysis to demonstrate that this protocol is reliable, secure, and efficient.展开更多
This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolat...This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual ddmain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.展开更多
基金supported by the National Basic Research Program of China (No. 2014CB340600)the National Natural Science Foundation of China (Nos. 61332019, 61173138, 6127245, and 91118003)the New Products and Technology Research and Development Projects of Hubei Province (No. 2012BAA03004)
文摘Infrastructure as a Service (laaS) has brought advantages to users because virtualization technology hides the details of the physical resources, but this leads to the problem of users being unable to perceive their security. This defect has obstructed cloud computing from wide-spread popularity and development. To solve this problem, a dynamic measurement protocol in laaS is presented in this paper. The protocol makes it possible for the user to get the real-time security status of the resources, thereby solving the problem of guaranteeing dynamic credibility. This changes the cloud service security provider from the operator to the users themselves. This study has verified the security of the protocol by means of Burrow-Abadi-Needham (BAN) logic, and the result shows that it can satisfy requirements for innovation, privacy, and integrity. Finally, based on different laaS platforms, this study has conducted a performance analysis to demonstrate that this protocol is reliable, secure, and efficient.
基金Supported by the National Natural Science Foundation of China (60970125)the Major State Basic Research Development Program of China (2007CB310900)
文摘This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual ddmain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.