An Implementation of Trusted Remote Attestation Oriented the IaaS Cloud

  • Chunwen Li
  • Xu Wu
  • Chuanyi Liu
  • Xiaqing Xie
Part of the Communications in Computer and Information Science book series (CCIS, volume 320)


The hosting service model of cloud computing raises the issue of the trustworthiness of cloud providers, which is a serious obstacle to wider adoption of cloud-based services. Based on open source components of TCG (Trusted Computing Group) and IBM’s IMA (Integrity Measurement Architecture), this paper designed and implemented a remote attestation architecture and protocol to verify the trustworthiness of users’ virtual machines in the IaaS cloud. Meanwhile, as the verification agent, a Trusted Third Party minimized the disclosure of cloud configuration information and ensured the privacy of the cloud. The experiments demonstrated that this architecture brought little extra cost while providing a trustworthiness guarantee.


Keywords: trustworthiness, remote attestation, cloud computing, IaaS, virtual machine





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Chunwen Li (1, 2)
  • Xu Wu (1, 2, 3)
  • Chuanyi Liu (1)
  • Xiaqing Xie (1, 2)

  1. Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, China
  2. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing, China
  3. Beijing University of Posts and Telecommunications Library, Beijing, China
