Comprehensive System Verification in Cloud Computing Environments
ABSTRACT
Cloud computing has commoditized compute, storage, and networking resources, creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platforms' lack of transparency, which leaves customers unsure if their sensitive information can be entrusted to these remote services. While techniques like encryption can protect cloud customer data at rest, trusted computing approaches, aided by secure hardware, enable users to verify the cloud's ability to protect their data and virtual machine instances. However, current trusted computing approaches are insufficient for enforcing the broad range of integrity requirements that customers have in a timely and efficient manner that scales to fit cloud environments.
In this paper, we present the cloud verifier (CV), a flexible verification framework for infrastructure as a service (IaaS) clouds. The CV not only verifies the integrity of the cloud's hosting platform, but extends the verification into hosted virtual machine (VM) instances using an extensible verification proxy with the VM's host. This enables the CV to check client-specified integrity requirements against a comprehensive view of both the VM's load-time and runtime properties. In addition, the CV enables cloud vendors to provide more responsive remediation techniques than traditional attestation mechanisms. We built a proof of concept CV for the OpenStack cloud platform whose evaluation demonstrates that a single CV enables over 20,000 simultaneous clients to verify numerous properties with little impact on cloud application performance. As a result, the CV gives cloud customers a low-overhead method for assuring that their instances are running according to their requirements.
Award ID: 1117692