Abstract
Cloud customers need assurances regarding the security of their virtual machines (VMs), operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and on the semantic gap between what the customer wants to know versus what can be measured in the cloud. We present CloudMonatt, an architecture for monitoring a VM's security health. We show a full prototype based on the OpenStack open source cloud software. We also verify CloudMonatt to show that there are no security vulnerabilities that could allow an attacker to subvert its protection. As such, we conduct a systematic security verification of CloudMonatt. We model and verify the network protocols within the distributed system, as well as interactions of hardware/software modules inside the cloud server. Our results show that CloudMonatt is capable of delivering this monitoring and attestation service to customers in an unforgeable and reliable manner.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 799-815 |
| Number of pages | 17 |
| Journal | IEEE Transactions on Computers |
| Volume | 67 |
| Issue number | 6 |
| DOIs | |
| State | Published - Jun 1 2018 |
All Science Journal Classification (ASJC) codes
- Software
- Theoretical Computer Science
- Hardware and Architecture
- Computational Theory and Mathematics
Keywords
- Cloud computing
- attestation
- openstack
- security health
- security verification
- virtual machine