Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine's Security Health

Tianwei Zhang, Ruby B. Lee

Research output: Contribution to journalArticle

5 Scopus citations

Abstract

Cloud customers need assurances regarding the security of their virtual machines (VMs), operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and on the semantic gap between what the customer wants to know versus what can be measured in the cloud. We present CloudMonatt, an architecture for monitoring a VM's security health. We show a full prototype based on the OpenStack open source cloud software. We also verify CloudMonatt to show that there are no security vulnerabilities that could allow an attacker to subvert its protection. As such, we conduct a systematic security verification of CloudMonatt. We model and verify the network protocols within the distributed system, as well as interactions of hardware/software modules inside the cloud server. Our results show that CloudMonatt is capable of delivering this monitoring and attestation service to customers in an unforgeable and reliable manner.

Original languageEnglish (US)
Pages (from-to)799-815
Number of pages17
JournalIEEE Transactions on Computers
Volume67
Issue number6
DOIs
StatePublished - Jun 1 2018

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics

Keywords

  • Cloud computing
  • attestation
  • openstack
  • security health
  • security verification
  • virtual machine

Fingerprint Dive into the research topics of 'Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine's Security Health'. Together they form a unique fingerprint.

Cite this