Detection and Mitigation of Insider Attacks in a Cloud Infrastructure - Advances in Information Security, Privacy, and Ethics

Published By IGI Global

9781522579243, 9781522579250

This chapter introduces various ideas to deal with insider attacks using the research directions discussed in earlier chapters, such as remote attestation, sealed storage, and integrity measurement. Trusted computing based on a hardware root of trust has been produced by industry to secure computing frameworks and billions of endpoints. Remote attestation provides a facility to attest the required platforms using platform configuration registers (PCRs), and sealed storage is used to encrypt consumer-sensitive data using cryptographic operations. Integrity measurements are used to measure the given computing components into their respective registers. Here, the authors concentrate on a trusted computing paradigm that enables cloud service providers to address potential insider attacks at cloud premises.


Information security plays a vital role in cloud computing. Sensitive information should be kept in a secure mode to provide integrity and confidentiality against insiders and outsiders. An insider is an employee who has legitimate access to cloud resources hosted at the cloud data center. They can perform malicious activities on consumer-sensitive data with or without malicious intent. This security breach is obvious, and the provider needs to protect against such attacks. In this chapter, insider attacks are demonstrated with an empirical approach to breaching consumer-sensitive data, and the authors present threat models in which an insider can manipulate user VMs in the node controller of the cloud platform. Here, they assume that the cloud service provider is malicious and that the cloud consumer does not have any security constraints on access to their cloud assets. The model describes two locations in the cloud infrastructure.


This chapter provides a literature review and the related work on insider attacks and their solutions in the cloud environment. The authors classify solutions into three categories: trusted computing-based approaches, encryption-based approaches, and virtualization-based approaches. The trusted computing approaches use remote attestation, sealed storage, and integrity measurement. Encryption-based approaches use cryptographic operations along with cloud computing security mechanisms and policies. Virtualization-based approaches use virtualization technology, combined with trusted computing approaches, to solve critical security issues. At the end of this chapter, they compare the various solutions and summarize the problems and solutions.


This chapter introduces a trustworthy cloud computing architecture that uses the security properties offered by a virtual machine monitor that enforces the principle of least privilege. These security properties are a strong building block for providing trustworthy cloud computing services to cloud consumers. This chapter briefly explains a proposed system to prevent insider attacks in the cloud environment from both the cloud consumer and cloud service provider perspectives. The proposed framework shows how virtual machines provide the most reliable security materials of the cloud computing architecture. For cloud consumers, the proposed architecture allocates the well-built security materials of the reliable cloud computing services.


This chapter describes the proof-of-concept of the proposed protocol architecture. The eXtensible modular hypervisor framework has been utilized to build the TrustVisor hypervisor along with the core modules: cryptographic operations, the TEE, and a TPM emulator, which contains TPM library functions for secure communication with the TPM hardware. The constructed hypervisor has been placed in the cloud server's GRUB entry so that the hypervisor can be selected at boot. To ensure the trustworthiness of the cloud platform, a remote attestation concept is used along with the most popular and widely used method, the integrity measurement architecture (IMA). Remote attestation uses IMA, which is based on the binary attestation concept. Once IMA is configured, it calculates the hashes of all components during the boot process and extends them into their respective PCRs. To ensure privacy-preserving remote attestation of the node controller (NC), the authors use an attestation identity key (AIK) to sign the PCR hashes while performing the quote operation. They use the TPM emulator to communicate with the TPM device through the TPM driver.


Cloud computing is an innovation that allows dynamic resources to be used over the internet. Though cloud computing is cost effective and easy to use, security is often an area of concern. Sharing sensitive information and running critical applications on public and/or shared cloud environments require a high degree of security. The amount of data stored and processed is increasing enormously, requiring cloud environments to resize to larger capacities. Cloud environments have both pros and cons concerning the security of the data of consumers using cloud services. This chapter discusses the main security issues faced by cloud computing environments. Its main focus is to describe the issues faced when building cross-domain collaborations over the internet and when using cloud services, and their security. This chapter also identifies security at the various levels of cloud computing and, based on the cloud architecture, categorizes the security issues.

