Scalable Attestation: A Step Toward Secure and Trusted Clouds

被引：17

作者：

Berger, Stefan ^{[1
]}

Goldman, Kenneth ^{[1
]}

Pendarakis, Dimitrios ^{[1
]}

Safford, David ^{[1
]}

Valdez, Enriquillo ^{[1
]}

Zohar, Mimi ^{[1
]}

机构：

[1] IBM TJ Watson Res Ctr, Yorktown Hts, NY 10598 USA

来源：

2015 IEEE INTERNATIONAL CONFERENCE ON CLOUD ENGINEERING (IC2E 2015) | 2015年

关键词：

Security; Integrity; Attestation;

D O I：

10.1109/IC2E.2015.32

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guest's operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware rooted attestation, we gain a simple hardware based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud test beds based on the QEMU/KVM hypervisor, OpenStack, and OpenAttestation, and is shown to provide significant additional integrity protection at negligible cost.

引用

页码：185 / 194

页数：10

共 22 条

[1]

[Anonymous], 2010, CCSW 10

[2]

Arbaugh W.A., 1997, IEEE COMP SOC C SEC

[3]

BakerHostetler, 2014, INT COMP DAT PRIV LA

[4]

Edge J., CHARACTER DEVICES US

[5]

Futral W., 2013, INTEL TRUSTED EXECUT

[6]

Jayaram K. R., 2014, MIDDLEWARE

[7] Architecture for protecting critical secrets in microprocessors [J].

Lee, RB ;

Kwan, PCS ;

McGregor, JP ;

Dwoskin, J ;

Wang, Z .

32nd International Symposium on Computer Architecture, Proceedings, 2005, :2-13

[8]

McKeen F., 2013, HASP ISCA, V13, P10, DOI DOI 10.1145/2487726.2488368

[9]

NIST, 2012, TUST GEOL C IN PRESS

[10]

Reshetova E., BOOTSTRAPPING POLICI

← 1 2 3 →