A Trusted IaaS Environment with Hardware Security Module
- 14 January 2015
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Services Computing
- Vol. 9 (3), 343-356
- https://doi.org/10.1109/tsc.2015.2392099
Abstract
With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results.Keywords
Funding Information
- IT R&D Program
- MSIP/IITP (10041313)
- UX-oriented Mobile SW Platform
This publication has 29 references indexed in Scilit:
- InkTagPublished by Association for Computing Machinery (ACM) ,2013
- Secure cloud maintenancePublished by Association for Computing Machinery (ACM) ,2012
- Architectural support for hypervisor-secure virtualizationPublished by Association for Computing Machinery (ACM) ,2012
- Using hypervisors to secure commodity operating systemsPublished by Association for Computing Machinery (ACM) ,2010
- Separating hypervisor trusted computing base supported by hardwarePublished by Association for Computing Machinery (ACM) ,2010
- TrustVisor: Efficient TCB Reduction and AttestationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2010
- Providing secure services for a virtual infrastructureACM SIGOPS Operating Systems Review, 2009
- Towards a VMM-based usage control framework for OS kernel integrity protectionPublished by Association for Computing Machinery (ACM) ,2007
- TerraPublished by Association for Computing Machinery (ACM) ,2003
- Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDRLecture Notes in Computer Science, 1996