Towards Trusted Cloud Computing
Authors: Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues

Introduction
- Creation of trust
- Encryption

Terra
- Prevents owner of physical host from interfering with or inspecting a running computation
- Determines if computation is running in a trusted environment.
- Works on a VM running in a single host.

Trusted Cloud Computing Platform Overview
- Provides abstraction of closed box execution environment
- Allows a user to check whether the virtual machine is running securely

Eucalyptus
- Manages 1+ clusters made of nodes running VMMs to host customers' VMs
- Cloud Manager
- Image loaded into CM
- Launched
- Exports administrative tools
- Adding/removing VMIs and users
- Xen supports live migration

Attack Model
- Systems administrator
- Run user level processes at Dom0
- Physical access
- Single sysadmin with root privileges?
- Assume they can log in with root privileges
- Physical access?
- Divert the VM to a machine under their control, located outside the security perimeters.
- TCCP must:
  - Confine the VM execution inside the perimeter
  - Sysadmin can't access memory

"Trusted Computing"
- TPM chip
- Endorsement private key (EK)
- Remote attestation
- Measurement List (ML)
- Nonce

Trusted Cloud Computing Platform
- TVMM
- TC
- Manages set of nodes in security perimeter called trusted nodes
- Attests to the node's platform
- Located in ETE
- Trusted nodes must:
  - be in security perimeter
  - run TVMM
- When to be wary:
  - Launching
  - Migration
- ETE
- VeriSign

Node Management
- TPM holds the public endorsement key of the node and the expected measurement list.
- The ETE makes the public EK, ML, and indicated trusted keys all safely publicly available.

Launching a VM
- User does not know which physical node the VM will be launched on and can only trust the TC

Migrating a VM
- Ns - source node
- Nd - destination node
- Both must be trusted
- VM state must remain confidential and