Skip to main content
SpringerLink
Log in

Lightweight Distributed Heterogeneous Attested Android Clouds

  • Conference paper
Trust and Trustworthy Computing (Trust 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7344))

Included in the following conference series:

Abstract

Moving local services into a network of Cloud nodes raises security concerns as this affects control over data and code execution. The Trusted Platform Module can help detect Cloud nodes running unknown software configurations. To achieve this, we propose a node join protocol that enforces remote attestation. We prototype our approach on both current x86 systems with Intel Trusted Execution Technology and on ARM hardware platforms. We use Android as common system software, and show that it is well suited to build a chain-of-trust.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Android x86 Team: Android-x86 - porting android to x86 (2011), http://www.android-x86.org/

  2. ARM Ltd.: TrustZone Technology Overview (2011), http://www.arm.com/products/esd/trustzone_home.html

  3. Azab, A.M., Ning, P., Zhang, X.: Sice: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 375–388. ACM, New York (2011), http://doi.acm.org/10.1145/2046707.2046752

    Google Scholar 

  4. Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: Tvdc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42, 40–47 (2008), http://doi.acm.org/10.1145/1341312.1341321

  5. Brown, A., Chase, J.S.: Trusted platform-as-a-service: a foundation for trustworthy cloud-hosted applications. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 15–20. ACM, New York (2011), http://doi.acm.org/10.1145/2046660.2046665

    Chapter  Google Scholar 

  6. Cooper, A., Martin, A.: Towards a secure, tamper-proof grid platform. In: Sixth IEEE International Symposium on Cluster Computing and the Grid, CCGRID 2006, vol. 1, p. 8 (2006), doi:10.1109/CCGRID.2006.103

    Google Scholar 

  7. Daniele Catteddu, G.H.: Cloud Computing benefits, risks and recommendations for information security. Tech. rep., European Network and Information Security Agency, ENISA (2009)

    Google Scholar 

  8. Danner, P., Hein, D.: A trusted computing identity collation protocol to simplify deployment of new disaster response devices. Journal of Universal Computer Science 16(9), 1139–1151 (2010)

    Google Scholar 

  9. Denk, W., et al.: Das u-boot – the universal boot loader (2010), http://www.denx.de/wiki/U-Boot

  10. Dietrich, K., Pirker, M., Vejda, T., Toegl, R., Winkler, T., Lipp, P.: A Practical Approach for Establishing Trust Relationships between Remote Platforms Using Trusted Computing. In: Barthe, G., Fournet, C. (eds.) TGC 2007. LNCS, vol. 4912, pp. 156–168. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Duflot, L., Perez, Y.A.: Can you still trust your network card. CanSecWest 2010 (2010), http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf

  12. Duflot, L., Perez, Y.A.: Run-time firmware integrity verification: what if you can’t trust your network card? CanSecWest 2011 (2011), http://www.ssi.gouv.fr/IMG/pdf/Duflot-Perez_runtime-firmware-integrity-verification.pdf

  13. Freescale Semiconductor Inc.: i.mx51 evaluation kit (2010), http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MCIMX51EVKJ

  14. Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press (February 2009)

    Google Scholar 

  15. Intel Corporation: Tboot - Trusted Boot (2008), http://sourceforge.net/projects/tboot/

  16. Krautheim, F.J., Phatak, D.S., Sherman, A.T.: Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 211–227. Springer, Heidelberg (2010), http://dl.acm.org/citation.cfm?id=1875652.1875667

    Chapter  Google Scholar 

  17. Löhr, H., Ramasamy, H.V., Sadeghi, A.-R., Schulz, S., Schunter, M., Stüble, C.: Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 372–384. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  18. Mao, W., Martin, A., Jin, H., Zhang, H.: Innovations for grid security from trusted computing (2009), http://dx.doi.org/10.1007/978-3-642-04904-0_18

  19. McCune, J.M., Jaeger, T., Berger, S., Caceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 23–32 (2006)

    Google Scholar 

  20. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010)

    Google Scholar 

  21. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Proc. of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems, pp. 315–328. ACM (2008)

    Google Scholar 

  22. Pirker, M., Toegl, R.: Trusted computing for the JavaTMplatform (2011), http://trustedjava.sourceforge.net/

  23. Pirker, M., Toegl, R., Gissing, M.: Dynamic Enforcement of Platform Integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  24. Pirker, M., Toegl, R., Hein, D., Danner, P.: A PrivacyCA for Anonymity and Trust. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 101–119. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. Pirker, M., Winter, J., Toegl, R.: Lightweight distributed attestation for the cloud. In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science, CLOSER (2012)

    Google Scholar 

  26. Podesser, S., Toegl, R.: A Software Architecture for Introducing Trust in Java-Based Clouds. In: Park, J.J., Lopez, J., Yeo, S.-S., Shon, T., Taniar, D. (eds.) STA 2011. CCIS, vol. 186, pp. 45–53. Springer, Heidelberg (2011), http://dx.doi.org/10.1007/978-3-642-22339-6_6

    Chapter  Google Scholar 

  27. Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing. USENIX Association, Berkeley, CA, USA (2009), http://dl.acm.org/citation.cfm?id=1855533.1855536

    Google Scholar 

  28. Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference, pp. 83–92. IEEE Computer Society Press, Washington, DC (2009)

    Google Scholar 

  29. Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding clouds with trust anchors. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW 2010, pp. 43–46. ACM, New York (2010), http://doi.acm.org/10.1145/1866835.1866843

    Chapter  Google Scholar 

  30. Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. J. Parallel Distrib. Comput. 66(9), 1189–1204 (2006)

    Article  MATH  Google Scholar 

  31. Tarnovsky, C.: Hacking the Smartcard Chip. In: Blackhat DC (2010), http://www.blackhat.com/html/bh-dc-10/bh-dc-10-briefings.html#Tarnovsky

  32. Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Chen, L., Yung, M. (eds.) INTRUST 2010. LNCS, vol. 6802, pp. 326–345. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  33. Trusted Computing Group: TCG TPM Specification Version 1.2 (2007), https://www.trustedcomputinggroup.org/developers/

  34. Trusted Computing Group: Do You Know? A Few Notes on Trusted Computing Out in the World (2011), http://www.trustedcomputinggroup.org/community/2011/03/do_you_know_a_few_notes_on_trusted_computing_out_in_the_world

  35. Vejda, T., Toegl, R., Pirker, M., Winkler, T.: Towards Trust Services for Language-Based Virtual Machines for Grid Computing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 48–59. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  36. Wallom, D., Turilli, M., Taylor, G., Hargreaves, N., Martin, A., Raun, A., McMoran, A.: mytrustedcloud: Trusted cloud infrastructure for security-critical computation and data managment. In: Proeedings of Cloudcom (2011) (in print)

    Google Scholar 

  37. Winter, J., Dietrich, K.: A Hijacker’s Guide to the LPC Bus. In: EuroPKI 2011 Proceedings (2011) (in print)

    Google Scholar 

  38. Wojtczuk, R., Rutkowska, J.: Attacking Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf

  39. Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another Way to Circumvent Intel Trusted Execution Technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, 8010, Graz, Austria

    Martin Pirker, Johannes Winter & Ronald Toegl

Authors
  1. Martin Pirker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Johannes Winter
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ronald Toegl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Technical University Darmstadt, Hochschulstrasse 10, 64289, Darmstadt, Germany

    Stefan Katzenbeisser  & Melanie Volkamer  & 

  2. Institute of Software Technology and Interactive Systems, Vienna University of Technology and SBA Research, Favoritenstrsse 9-11, 1040, Vienna, Austria

    Edgar Weippl

  3. School of Informatics, Indiana University, 901 East Tenth Street, 47405, Bloomington, IN, USA

    L. Jean Camp

  4. Department of Computer Science, University of North Carolina at Chapel Hill, 201 S. Columbia Street UNH-CH, 27599-3175, Chapel Hill, NC, USA

    Mike Reiter

  5. Huawei America R&D, 2330 Central Expressway, 95050, Santa Clara, CA, USA

    Xinwen Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pirker, M., Winter, J., Toegl, R. (2012). Lightweight Distributed Heterogeneous Attested Android Clouds. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation