Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds

Cited by: 5
Authors
Du, Juan [1]
Dean, Daniel J. [2]
Tan, Yongmin [3]
Gu, Xiaohui [2]
Yu, Ting [2]
Affiliations
[1] Amazon, Seattle, WA 98144 USA
[2] N Carolina State Univ, Dept Comp Sci, Raleigh, NC 27695 USA
[3] MathWorks, Natick, MA 01760 USA
Funding
National Science Foundation (USA);
Keywords
Distributed service integrity attestation; cloud computing; secure distributed data processing;
DOI
10.1109/TPDS.2013.62
Chinese Library Classification number
TP301 [Theory, Methods];
Subject classification code
081202;
Abstract
Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.
Pages: 730-739
Number of pages: 10