Cloud verifier: Verifiable auditing service for IaaS clouds

Joshua Schiffman, Yuqiong Sun, Hayawardh Vijayakumar, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

24 Scopus citations

Abstract

Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013
Pages239-246
Number of pages8
DOIs
StatePublished - Nov 26 2013
Event2013 IEEE 9th World Congress on Services, SERVICES 2013 - Santa Clara, CA, United States
Duration: Jun 27 2013Jul 2 2013

Publication series

NameProceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013

Other

Other2013 IEEE 9th World Congress on Services, SERVICES 2013
CountryUnited States
CitySanta Clara, CA
Period6/27/137/2/13

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Cloud verifier: Verifiable auditing service for IaaS clouds'. Together they form a unique fingerprint.

Cite this