NeuronVisor: Defining a Fine-Grained Cloud Root-of-Trust

  • Anbang RuanEmail author
  • Andrew Martin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)


Security issues have become a significant barrier to the adoption of cloud computing services. Most existing security enhancements lack a well defined Root-of-Trust (RoT). Models for Trusted Clouds have been proposed, which establish RoT inside the cloud and vouch for the trustworthiness of the cloud services. However, these are often impractical due to cloud’s dynamics and complexity. In this paper, we present the NeuronVisor, an abstract Cloud Root-of-Trust (cRoT) framework. NeuronVisor enforces decentralized attestations to capture trust dependency among interacting software components inside the cloud, and determines a single cRoT for each cloud application. This cRoT hides the cloud’s internal by presenting a uniform interface for attesting to the trustworthiness of the entire cloud application and all its dependent services inside the cloud (the Cloud TCB). Our simulations show that, for more than 98 % times, one interrogation to the dynamically formed cRoT is able to identify the properties of more than 90 % of the nodes hosting a cloud application and its cloud TCB. Meanwhile, NeuronVisor achieves higher fault detection rate than the prevalent centralized cloud attestation scheme (CEN). It still achieves the same fault detection rate with CEN even when 90 % of the NeuronVisors are constantly tampered with and maliciously collaborating with each other.


Virtual Machine Cloud Service Connection Strength Trust Information Layer Service 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
    Trusted computing group.
  3. 3.
  4. 4.
  5. 5.
    Abbadi, I.M.: Clouds trust anchors. In: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (Washington, DC, USA, 2012), TRUSTCOM 2012, pp. 127–136. IEEE Computer Society (2012)Google Scholar
  6. 6.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the nineteenth ACM symposium on Operating systems principles (New York, NY, USA, 2003), SOSP 2003. ACM (2003)Google Scholar
  7. 7.
    Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: Tvdc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42, 40–47 (2008)CrossRefGoogle Scholar
  8. 8.
    Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy, V.: Self-service cloud computing. In: Proceedings of the 2012 ACM conference on Computer and communications security (New York, NY, USA, 2012), CCS 2012. ACM (2012)Google Scholar
  9. 9.
    Hoffman, K., Zage, D., Nita-Rotaru, C.: A survey of attack and defense techniques for reputation systems. ACM Comput. Surv. 42(1), 1 (2009)CrossRefGoogle Scholar
  10. 10.
    Kamvar, S.D., Schlosser, M.T., Garcia-Molina, H.: The eigentrust algorithm for reputation management in p2p networks. In: Proceedings of the 12th international conference on World Wide Web (New York, NY, USA, 2003), WWW 2003. ACM (2003)Google Scholar
  11. 11.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: Trustvisor: Efficient tcb reduction and attestation. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy (Washington, DC, USA, 2010), SP 2010. IEEE Computer Society (2010)Google Scholar
  12. 12.
    Piatek, M., Isdal, T., Krishnamurthy, A., Anderson, T.: One hop reputations for peer to peer file sharing workloads. In: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (Berkeley, CA, USA, 2008), NSDI 2008. USENIX Association (2008)Google Scholar
  13. 13.
    Ruan, A., Martin, A.: Repcloud: achieving fine-grained cloud tcb attestation with reputation systems. In: Proceedings of the sixth ACM workshop on Scalable trusted computing (New York, NY, USA, 2011), STC 2011. ACM (2011)Google Scholar
  14. 14.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA, 2004), SSYM 2004. USENIX Association (2004)Google Scholar
  15. 15.
    Santos, N., Gummadi, K.P., Rodrigues, R. Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing (Berkeley, CA, USA, 2009), HotCloud. USENIX Association (2009)Google Scholar
  16. 16.
    Santos, N., Rodrigues, R., Gummadi, K.P., Saroiu, S.: Policy-sealed data: a new abstraction for building trusted cloud services. In: Proceedings of the 21st USENIX conference on Security symposium (Berkeley, CA, USA, 2012), Security 2012. USENIX Association (2012)Google Scholar
  17. 17.
    Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding clouds with trust anchors. In: Proceedings of the 2010 ACM workshop on Cloud computing security workshop (New York, NY, USA, 2010), CCSW 2010. ACM (2010)Google Scholar
  18. 18.
    Stumpf, F., Fuchs, A., Katzenbeisser, S., Eckert, C.: Improving the scalability of platform attestation. In: Proceedings of the 3rd ACM workshop on Scalable trusted computing (New York, NY, USA, 2008), STC 2008, ACM (2008)Google Scholar
  19. 19.
    Walsh, K., Sirer, E.G.: Experience with an object reputation system for peer-to-peer filesharing. In: Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3 (Berkeley, CA, USA, 2006), NSDI 2006. USENIX Association (2006)Google Scholar
  20. 20.
    Xiong, L., Liu, L.: Peertrust: Supporting reputation-based trust for peer-to-peer electronic communities, vol. 16, IEEE Educational Activities DepartmentGoogle Scholar
  21. 21.
    Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (New York, NY, USA, 2011), SOSP 2011. ACM (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of OxfordOxfordUK

Personalised recommendations