Cloud verifier: Verifiable auditing service for IaaS clouds

Joshua Schiffman, Yuqiong Sun, Hayawardh Vijayakumar, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Citations (Scopus)

Abstract

Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.

Original language: English (US)
Title of host publication: Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013
Pages: 239-246
Number of pages: 8
DOIs: https://doi.org/10.1109/SERVICES.2013.37
State: Published - Nov 26 2013
Event: 2013 IEEE 9th World Congress on Services, SERVICES 2013 - Santa Clara, CA, United States
Duration: Jun 27 2013 to Jul 2 2013

Publication series

Name: Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013

Other

Other: 2013 IEEE 9th World Congress on Services, SERVICES 2013
Country: United States
City: Santa Clara, CA
Period: 6/27/13 to 7/2/13

Fingerprint

Cloud computing
Remediation
Transparency
Cryptography
Monitoring
Virtual machine

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Cite this

Schiffman, J., Sun, Y., Vijayakumar, H., & Jaeger, T. (2013). Cloud verifier: Verifiable auditing service for IaaS clouds. In Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013 (pp. 239-246). [6655704] (Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013). https://doi.org/10.1109/SERVICES.2013.37
Schiffman, Joshua ; Sun, Yuqiong ; Vijayakumar, Hayawardh ; Jaeger, Trent. / Cloud verifier : Verifiable auditing service for IaaS clouds. Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013. 2013. pp. 239-246 (Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013).
@inproceedings{d40bd06ed51f400080600cfb4fa603d3,
title = "Cloud verifier: Verifiable auditing service for IaaS clouds",
abstract = "Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.",
author = "Joshua Schiffman and Yuqiong Sun and Hayawardh Vijayakumar and Trent Jaeger",
year = "2013",
month = "11",
day = "26",
doi = "10.1109/SERVICES.2013.37",
language = "English (US)",
isbn = "9780768550244",
series = "Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013",
pages = "239--246",
booktitle = "Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013",

}

Schiffman, J, Sun, Y, Vijayakumar, H & Jaeger, T 2013, Cloud verifier: Verifiable auditing service for IaaS clouds. in Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013., 6655704, Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013, pp. 239-246, 2013 IEEE 9th World Congress on Services, SERVICES 2013, Santa Clara, CA, United States, 6/27/13. https://doi.org/10.1109/SERVICES.2013.37

Cloud verifier : Verifiable auditing service for IaaS clouds. / Schiffman, Joshua; Sun, Yuqiong; Vijayakumar, Hayawardh; Jaeger, Trent.

Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013. 2013. p. 239-246 6655704 (Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013).

TY - GEN

T1 - Cloud verifier

T2 - Verifiable auditing service for IaaS clouds

AU - Schiffman, Joshua

AU - Sun, Yuqiong

AU - Vijayakumar, Hayawardh

AU - Jaeger, Trent

PY - 2013/11/26

Y1 - 2013/11/26

N2 - Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.

AB - Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsure if their sensitive data and computation can be entrusted to the cloud. While techniques like encryption can protect customers' data at rest, clouds still lack mechanisms for customers to verify that their computations are being executed as expected, a guarantee one could obtain if they were running the computation in their own data center. In this paper, we present the cloud verifier (CV), a flexible framework that cloud vendors can configure to provide cloud monitoring services for customers to validate that their computations are configured and being run as expected in Infrastructure as a Service (IaaS) clouds. The CV builds a chain of trust from the customer to their hosted virtual machine (VM) instances through the cloud platform, enabling it to check customer-specified requirements against a comprehensive view of both the VM's load-time and run-time properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous customers to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.

UR - http://www.scopus.com/inward/record.url?scp=84888066817&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84888066817&partnerID=8YFLogxK

U2 - 10.1109/SERVICES.2013.37

DO - 10.1109/SERVICES.2013.37

M3 - Conference contribution

AN - SCOPUS:84888066817

SN - 9780768550244

T3 - Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013

SP - 239

EP - 246

BT - Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013

ER -

Schiffman J, Sun Y, Vijayakumar H, Jaeger T. Cloud verifier: Verifiable auditing service for IaaS clouds. In Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013. 2013. p. 239-246. 6655704. (Proceedings - 2013 IEEE 9th World Congress on Services, SERVICES 2013). https://doi.org/10.1109/SERVICES.2013.37