Advertisement

A Dynamic Integrity Transitivity Model for the Cloud

  • Rongyu He
  • Haonan Sun
  • Yong Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11342)

Abstract

Utilizing Trusted computing technology to enhance the security of Cloud has become a hot research, and a large number of solutions have been proposed in recent years. However, all of these solutions are focused on separating one Virtual Machine (VM) from others, and it is too strict for practical scenario as it forbids the communication between VMs. In this paper we propose a trust transitive model, named Dynamic Integrity Measurement Model (DIMM), for two VMs communication, and then an implementation of DIMM prototype is given. When dataflow occurs between two VMs, the DIMM will keep the trustworthiness of a system by ensuring the integrity of VMs and the delivered message. We also demonstrate the effectiveness of the model by experiments.

Keywords

Cloud computing Trust chain Dynamic integrity TPM Virtualization 

Notes

Acknowledgments

This research was financially supported by National Natural Science Foundation of China (Project 61572517) and the Science and Technology Plan Projects of Shenzhen (JCY2017302145623566).

References

  1. 1.
    TCG Specfication Architecture Overview. https://www.trustedcomputinggroup.org
  2. 2.
    Khan, A.: Virtual machine security. Int. J. Inf. Comput. Secur. 9(1–2), 49–84 (2017)Google Scholar
  3. 3.
    Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference? In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 228–238. IEEE (1999)Google Scholar
  4. 4.
    Fan, Z., Shu, C., Yongxuan, S.: Noninterference model for integrity. J. Commun. 32(10), 78–85 (2011)Google Scholar
  5. 5.
    Zhang, X., et al.: A formal method based on noninterference for analyzing trust chain of trusted computing platform. Chin. J. Comput. 33(1), 74–81 (2010)CrossRefGoogle Scholar
  6. 6.
    Zhang, X., et al.: SecureBus: towards application-transparent trusted computing with mandatory access control. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 117–126. ACM (2007)Google Scholar
  7. 7.
    Zhang, X., Chen, Y.L., Shen, C.X.: Non-interference trusted model based on processes. J. Commun. 30(3), 6–11 (2009)Google Scholar
  8. 8.
    Perez, R., et al.: vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 305–320 (2006)Google Scholar
  9. 9.
    Scarlata, V., et al.: TPM virtualization: building a general framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 43–56. Vieweg+Teubner, Berlin (2008).  https://doi.org/10.1007/978-3-8348-9452-6_4CrossRefGoogle Scholar
  10. 10.
    England, P., Loeser, J.: Para-virtualized TPM sharing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 119–132. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68979-9_9CrossRefGoogle Scholar
  11. 11.
    Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85886-7_1CrossRefGoogle Scholar
  12. 12.
    Strasser, M.: A software-based TPM emulator for Linux. Department of Computer Science, Swiss Federal Institute of Technology, Zurich (2004)Google Scholar
  13. 13.
    Rongyu, H., Shaojie, W., Lu, I.: A user-specific trusted virtual environment for cloud computing. Inf. Technol. J. 12(10), 1905–1913 (2013)CrossRefGoogle Scholar
  14. 14.
    Rushby, J.: Noninterference, Transitivity, and Channel-Control Security Policies. SRI International, Computer Science Laboratory (1992)Google Scholar
  15. 15.
    Garfinkel, T., et al.: Terra: a virtual machine-based platform for trusted computing. In: ACM SIGOPS Operating Systems Review, pp. 193–206. ACM (2003)Google Scholar
  16. 16.
    Garfinkel, T., et al.: A virtual machine introspection based architecture for intrusion detection. In: Ndss, pp. 191–206 (2003)Google Scholar
  17. 17.
    Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: ATEC 2006: Proceedings of the Annual Conference on USENIX 2006 Annual Technical Conference, p. 1 (2006)Google Scholar
  18. 18.
    Payne, B.D., Martim, D.P.A., Lee, W.: Secure and flexible monitoring of virtual machines. In: Twenty-Third Annual of Computer Security Applications Conference, ACSAC 2007, pp. 385–397. IEEE (2007)Google Scholar
  19. 19.
    Vulnerability in xenserver could result in privilege escalation and arbitrary code execution. http://support.citrix.com/article/CTX118766. Accessed Nov 2011
  20. 20.
    Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible OS support and applications for trusted computing. In: HotOS, pp. 145–150 (2003)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Zhengzhou Information Science and Technology InstituteZhengzhouChina
  2. 2.ATR Key Laboratory of National Defense TechnologyShenzhen UniversityShenzhenChina

Personalised recommendations