
Software Architectures for Self-protection in IaaS Clouds

Self-Aware Computing Systems

Abstract

In this chapter, we focus on software architectures for self-protection in IaaS clouds. IaaS clouds, especially hybrid clouds, are becoming increasingly popular because developers and enterprises need to dynamically increase or decrease their use of computing resources to adapt quickly to market forces and customer demands, reduce costs, and increase fault tolerance. However, enterprises are adopting public IaaS and hybrid clouds more slowly than expected because current hybrid cloud infrastructures do not provide scalable and efficient mechanisms for two things: (1) preventing software tampering and configuration errors and ensuring the trustworthiness and integrity of the software stack executing a hybrid application workload; and (2) enforcing governmental privacy and audit regulations by ensuring that remote data and computation do not cross specified geographic boundaries. We discuss recent research on integrating intrusion detection systems in IaaS infrastructures, as well as hardware-rooted integrity verification and geographic fencing, to address these concerns.



Corresponding author

Correspondence to K. R. Jayaram.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Jayaram, K.R., Milenkoski, A., Kounev, S. (2017). Software Architectures for Self-protection in IaaS Clouds. In: Kounev, S., Kephart, J., Milenkoski, A., Zhu, X. (eds) Self-Aware Computing Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-47474-8_21

  • DOI: https://doi.org/10.1007/978-3-319-47474-8_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47472-4

  • Online ISBN: 978-3-319-47474-8

  • eBook Packages: Computer Science (R0)
