Trusted virtual infrastructure bootstrapping for on demand services

Peter Membrey, Chun Chung Chan, Canh Ngo, Yuri Demchenko, Cees De Laat

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

14 Citations (Scopus)

Abstract

As cloud computing continues to gain traction, a great deal of effort is being expended in researching the most effective ways to build and manage secure and trustworthy clouds. Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of Cloud Infrastructure. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services. Although the first task is a traditional task in security engineering, dynamic provisioning of managed security services in virtualized environment remains a problem and requires additional research. Entire frameworks have been proposed and demonstrated but although successful, there is a tendency to see such solutions as integrated 'all in one' infrastructures. This paper describes a light-weight mechanism and protocol for building trust between two machines that takes advantage of the Trusted Platform Module (TPM) to handle a key exchange and remote trusted deployment of a bootstrapping tool (referred to as the Bootstrapping Initiator (BI)). Once deployed, the BI can execute any arbitrary software required which could be (but is not limited to) solutions for advanced architecture management such as the Dynamic Access Control Infrastructure (DACI). The proposed solution provides a light-weight layer of trust backed by a TPM that additional systems can build upon as required by the individual use case without the requirement for a specific management or security infrastructure to be deployed along with it.
Original language: English
Title of host publication: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Pages: 350-357
Number of pages: 8
Publication status: Published - 26 Nov 2012
Event: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 - Prague, Czech Republic
Duration: 20 Aug 2012 - 24 Aug 2012

Conference

Conference: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Country/Territory: Czech Republic
City: Prague
Period: 20/08/12 - 24/08/12

Keywords

  • Bootstrapping
  • Cloud Security
  • Deployment
  • Trusted Computing

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
