Towards a trusted launch mechanism for virtual machines in cloud computing

Juan Wang; Xuhui Xie; Qingfei Wang; Fei Yan; Hongxin Hu; Sijun Zhou; Tao Wang

doi:10.1007/978-3-319-05506_09

Towards a trusted launch mechanism for virtual machines in cloud computing

Juan Wang
, Xuhui Xie
, Qingfei Wang
, Fei Yan
, Hongxin Hu
, Sijun Zhou
, Tao Wang

Department of Computer Science and Engineering

University at Buffalo

Wuhan University
Ministry of Education of the People's Republic of China

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Although cloud computing enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm also brings forth many new security challenges. The security of virtual machines (VM) is one of such critical challenges for cloud computing. However, existing techniques for VM security, such as Terra, tboot and TXT, mainly focus on the security of VM running environment. There is a lack of protection mechanism for VMs themselves in clouds. In this paper, we propose a trusted launch solution for virtual machines (TLVM), including four systematic mechanisms, image encryption, measurement, attestation and security-enhanced authentication, for protecting VMs in clouds. We also discuss a proof-of-concept implementation of our approach. Our experimental results demonstrate the feasibility of our solution to protect the whole launch process of a VM.

Original language	English
Title of host publication	Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers
Editors	Min Chen, Victor C.M. Leung
Publisher	Springer Verlag
Pages	90-101
Number of pages	12
ISBN (Print)	9783319055053
DOIs	https://doi.org/10.1007/978-3-319-05506_09
State	Published - 2014
Event	4th International Conference on Cloud Computing, CloudComp 2013 - Wuhan, China Duration: Oct 17 2013 → Oct 19 2013

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	133

Conference

Conference	4th International Conference on Cloud Computing, CloudComp 2013
Country/Territory	China
City	Wuhan
Period	10/17/13 → 10/19/13

Keywords

Attestation
Cloud security
Measurement
VM

Access to Document

10.1007/978-3-319-05506_09

Cite this

Wang, J., Xie, X., Wang, Q., Yan, F., Hu, H., Zhou, S., & Wang, T. (2014). Towards a trusted launch mechanism for virtual machines in cloud computing. In M. Chen, & V. C. M. Leung (Eds.), Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers (pp. 90-101). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 133). Springer Verlag. https://doi.org/10.1007/978-3-319-05506_09

Wang, Juan ; Xie, Xuhui ; Wang, Qingfei et al. / Towards a trusted launch mechanism for virtual machines in cloud computing. Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers. editor / Min Chen ; Victor C.M. Leung. Springer Verlag, 2014. pp. 90-101 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{c5ed8a80eb5c4606bc874045acb72e12,

title = "Towards a trusted launch mechanism for virtual machines in cloud computing",

abstract = "Although cloud computing enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm also brings forth many new security challenges. The security of virtual machines (VM) is one of such critical challenges for cloud computing. However, existing techniques for VM security, such as Terra, tboot and TXT, mainly focus on the security of VM running environment. There is a lack of protection mechanism for VMs themselves in clouds. In this paper, we propose a trusted launch solution for virtual machines (TLVM), including four systematic mechanisms, image encryption, measurement, attestation and security-enhanced authentication, for protecting VMs in clouds. We also discuss a proof-of-concept implementation of our approach. Our experimental results demonstrate the feasibility of our solution to protect the whole launch process of a VM.",

keywords = "Attestation, Cloud security, Measurement, VM",

author = "Juan Wang and Xuhui Xie and Qingfei Wang and Fei Yan and Hongxin Hu and Sijun Zhou and Tao Wang",

note = "Publisher Copyright: {\textcopyright} Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2014.; 4th International Conference on Cloud Computing, CloudComp 2013 ; Conference date: 17-10-2013 Through 19-10-2013",

year = "2014",

doi = "10.1007/978-3-319-05506\_09",

language = "English",

isbn = "9783319055053",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "90--101",

editor = "Min Chen and Leung, \{Victor C.M.\}",

booktitle = "Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers",

address = "Germany",

}

Wang, J, Xie, X, Wang, Q, Yan, F, Hu, H, Zhou, S & Wang, T 2014, Towards a trusted launch mechanism for virtual machines in cloud computing. in M Chen & VCM Leung (eds), Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 133, Springer Verlag, pp. 90-101, 4th International Conference on Cloud Computing, CloudComp 2013, Wuhan, China, 10/17/13. https://doi.org/10.1007/978-3-319-05506_09

Towards a trusted launch mechanism for virtual machines in cloud computing. / Wang, Juan; Xie, Xuhui; Wang, Qingfei et al.
Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers. ed. / Min Chen; Victor C.M. Leung. Springer Verlag, 2014. p. 90-101 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 133).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards a trusted launch mechanism for virtual machines in cloud computing

AU - Wang, Juan

AU - Xie, Xuhui

AU - Wang, Qingfei

AU - Yan, Fei

AU - Hu, Hongxin

AU - Zhou, Sijun

AU - Wang, Tao

N1 - Publisher Copyright: © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2014.

PY - 2014

Y1 - 2014

N2 - Although cloud computing enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm also brings forth many new security challenges. The security of virtual machines (VM) is one of such critical challenges for cloud computing. However, existing techniques for VM security, such as Terra, tboot and TXT, mainly focus on the security of VM running environment. There is a lack of protection mechanism for VMs themselves in clouds. In this paper, we propose a trusted launch solution for virtual machines (TLVM), including four systematic mechanisms, image encryption, measurement, attestation and security-enhanced authentication, for protecting VMs in clouds. We also discuss a proof-of-concept implementation of our approach. Our experimental results demonstrate the feasibility of our solution to protect the whole launch process of a VM.

AB - Although cloud computing enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm also brings forth many new security challenges. The security of virtual machines (VM) is one of such critical challenges for cloud computing. However, existing techniques for VM security, such as Terra, tboot and TXT, mainly focus on the security of VM running environment. There is a lack of protection mechanism for VMs themselves in clouds. In this paper, we propose a trusted launch solution for virtual machines (TLVM), including four systematic mechanisms, image encryption, measurement, attestation and security-enhanced authentication, for protecting VMs in clouds. We also discuss a proof-of-concept implementation of our approach. Our experimental results demonstrate the feasibility of our solution to protect the whole launch process of a VM.

KW - Attestation

KW - Cloud security

KW - Measurement

KW - VM

UR - https://www.scopus.com/pages/publications/84943278949

U2 - 10.1007/978-3-319-05506_09

DO - 10.1007/978-3-319-05506_09

M3 - Conference contribution

SN - 9783319055053

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 90

EP - 101

BT - Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers

A2 - Chen, Min

A2 - Leung, Victor C.M.

PB - Springer Verlag

T2 - 4th International Conference on Cloud Computing, CloudComp 2013

Y2 - 17 October 2013 through 19 October 2013

ER -

Wang J, Xie X, Wang Q, Yan F, Hu H, Zhou S et al. Towards a trusted launch mechanism for virtual machines in cloud computing. In Chen M, Leung VCM, editors, Cloud Computing - 4th International Conference, CloudComp 2013, Revised Selected Papers. Springer Verlag. 2014. p. 90-101. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-05506_09

Towards a trusted launch mechanism for virtual machines in cloud computing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this