Trusted cloud computing


Define trusted cloud computing with suitable examples 


The trusted cloud computing platform (TCCP) provides a closed box execution environment by extending the concept of trusted platform to an entire IaaS backend. The TCCP guarantees the confidentiality and the integrity of a user’s VM, and allows a user to determine up front whether or not the IaaS enforces these properties.


Figure 1: The components of the trusted cloud computing platform include a set of trusted nodes (N) and the trusted coordinator (TC). The untrusted cloud manager (CM) makes a set of services available to users. The TC is maintained by an external trusted entity (ETE).







TCCP enhances today’s IaaS backends to enable closed box semantics without substantially changing the architecture (Figure 1). The trusted computing base of the TCCP includes two components: a trusted virtual machine monitor (TVMM), and a trusted coordinator (TC).
Each node of the backend runs a TVMM that hosts customers’ VMs, and prevents privileged users from inspecting or modifying them. The TVMM protects its own integrity over time, and complies with the TCCP protocols. Nodes embed a certified TPM chip and must go through a secure boot process to install the TVMM.
The TC manages the set of nodes that can run a customer’s VM securely. We call these nodes trusted nodes. To be trusted, a node must be located within the security perimeter, and run the TVMM. To meet these conditions, the TC maintains a record of the nodes located in the security perimeter, and attests to the node’s platform to verify that the node is running a trusted TVMM implementation. The TC can cope with the occurrence of events such as adding or removing nodes from a cluster, or shutting down nodes temporarily for maintenance or upgrades. A user can verify whether the IaaS service secures its computation by attesting to the TC.
To secure the VMs, each TVMM running at each node cooperates with the TC in order to 1) confine the execution of a VM to a trusted node, and 2) protect the VM state against inspection or modification when it is in transit on the network. The critical moments that require such protections are the operations to launch and migrate VMs. In order to secure these operations, the TCCP specifies several protocols.
We assume an external trusted entity (ETE) that hosts the TC, and securely updates the information provided to the TC about the set of nodes deployed within the IaaS perimeter, and the set of trusted configurations. Most importantly, sysadmins that manage the IaaS have no privileges inside the ETE, and therefore cannot tamper with the TC. We envision that the ETE should be maintained by a third party with little or no incentive to collude with the IaaS provider, e.g., by independent companies analogous to today’s certificate authorities like VeriSign.
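The two conditions for a trusted node described above (inside the security perimeter, and attested to be running a trusted TVMM) can be sketched as follows. This is an added example, not code from the TCCP design: the class and function names, keys and boot components are hypothetical, and an HMAC stands in for the TPM's signed quote so that the sketch runs with the Python standard library alone.

```python
import hashlib, hmac, os

def measure_boot(components):
    """TPM-style extend chain: pcr = H(pcr || H(component)) for each boot stage."""
    pcr = bytes(32)
    for c in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(c).digest()).digest()
    return pcr

def node_quote(key, nonce, pcr):
    """Node side. HMAC stands in for the TPM's signature over (nonce, PCR)."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

class TrustedCoordinator:
    def __init__(self, perimeter, trusted_configs):
        self.perimeter = perimeter              # node id -> key (supplied by the ETE)
        self.trusted_configs = trusted_configs  # approved TVMM measurements
        self.pending = {}                       # node id -> outstanding nonce
        self.trusted_nodes = set()

    def challenge(self, node_id):
        self.pending[node_id] = os.urandom(16)
        return self.pending[node_id]

    def register(self, node_id, pcr, quote):
        nonce = self.pending.pop(node_id, None)   # single use, so a replay fails
        key = self.perimeter.get(node_id)
        if nonce is None or key is None:
            return "rejected: no challenge or outside perimeter"
        if not hmac.compare_digest(quote, node_quote(key, nonce, pcr)):
            return "rejected: bad quote"
        if pcr not in self.trusted_configs:
            return "rejected: untrusted configuration"
        self.trusted_nodes.add(node_id)
        return "trusted"

# Constructed sample data (not from the TCCP design).
GOOD_BOOT = [b"bios", b"bootloader", b"tvmm-1.0"]
BAD_BOOT = [b"bios", b"bootloader", b"patched-vmm"]
KEYS = {"node-1": b"k1-constructed", "node-2": b"k2-constructed"}

def demo():
    tc = TrustedCoordinator(KEYS, {measure_boot(GOOD_BOOT)})
    results = {}
    for node, boot in (("node-1", GOOD_BOOT), ("node-2", BAD_BOOT)):
        pcr = measure_boot(boot)
        results[node] = tc.register(node, pcr, node_quote(KEYS[node], tc.challenge(node), pcr))
    return results, tc.trusted_nodes
```

A node that booted a modified hypervisor produces a different measurement and is refused even though it sits inside the perimeter, and a quote cannot be reused because each nonce is consumed on first use.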

