Abstract
Moving local services into a network of Cloud nodes raises security concerns as this affects control over data and code execution. The Trusted Platform Module can help detect Cloud nodes running unknown software configurations. To achieve this, we propose a node join protocol that enforces remote attestation. We prototype our approach on both current x86 systems with Intel Trusted Execution Technology and on ARM hardware platforms. We use Android as common system software, and show that it is well suited to build a chain-of-trust.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pirker, M., Winter, J., Toegl, R. (2012). Lightweight Distributed Heterogeneous Attested Android Clouds. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_8
DOI: https://doi.org/10.1007/978-3-642-30921-2_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30920-5
Online ISBN: 978-3-642-30921-2
eBook Packages: Computer Science (R0)