Abstract
In this chapter, we focus on software architectures for self-protection in IaaS clouds. IaaS clouds, especially hybrid clouds, are becoming increasingly popular because developers and enterprises need to dynamically increase or decrease their use of computing resources to adapt quickly to market forces and customer demands, reduce costs, and increase fault tolerance. However, enterprise adoption of public IaaS and hybrid clouds is slower than expected because current hybrid cloud infrastructures do not provide scalable and efficient mechanisms for two needs: first, preventing software tampering and configuration errors and ensuring the trustworthiness and integrity of the software stack executing a hybrid application workload; second, enforcing governmental privacy and audit regulations by ensuring that remote data and computation do not cross specified geographic boundaries. We discuss recent research on integrating intrusion detection systems in IaaS infrastructures, as well as hardware-rooted integrity verification and geographic fencing, to address these concerns.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Jayaram, K.R., Milenkoski, A., Kounev, S. (2017). Software Architectures for Self-protection in IaaS Clouds. In: Kounev, S., Kephart, J., Milenkoski, A., Zhu, X. (eds) Self-Aware Computing Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-47474-8_21
DOI: https://doi.org/10.1007/978-3-319-47474-8_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47472-4
Online ISBN: 978-3-319-47474-8
eBook Packages: Computer Science, Computer Science (R0)