The Security in Cloud Computing
Towards Trusted Cloud Computing
Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues
MPI-SWS
Abstract
Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. However, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation.
To address this problem we propose the design of a trusted cloud computing platform (TCCP). TCCP enables
Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. Moreover, it allows users to attest to the IaaS provider and determine whether or not the service is secure before they launch their virtual machines.
1 Introduction
Companies can greatly reduce IT costs by offloading data and computation to cloud computing services. Still, many companies are reluctant to do so, mostly due to outstanding security concerns. A recent study [2] surveyed more than 500 chief executives and IT managers in 17 countries, and found that despite the potential benefits, executives “trust existing internal systems over cloud-based systems due to fear about security threats and loss of control of data and systems”. One of the most serious concerns is the possibility of confidentiality violations. Either maliciously or accidentally, cloud provider’s employees can tamper with or leak a company’s data. Such actions can severely damage the reputation or finances of a company.
In order to prevent confidentiality violations, cloud services’ customers might resort to encryption. While encryption is effective in securing data before it is stored at the provider, it cannot be applied in services where data is to be computed, since the unencrypted data must reside in the memory of the host running the computation.
In Infrastructure as a Service (IaaS) cloud services such as Amazon’s EC2, the provider
Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues
MPI-SWS
Abstract
Cloud computing infrastructures enable companies to cut costs by outsourcing computations on-demand. However, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation.
To address this problem we propose the design of a trusted cloud computing platform (TCCP). TCCP enables
Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. Moreover, it allows users to attest to the IaaS provider and determine whether or not the service is secure before they launch their virtual machines.
1 Introduction
Companies can greatly reduce IT costs by offloading data and computation to cloud computing services. Still, many companies are reluctant to do so, mostly due to outstanding security concerns. A recent study [2] surveyed more than 500 chief executives and IT managers in 17 countries, and found that despite the potential benefits, executives “trust existing internal systems over cloud-based systems due to fear about security threats and loss of control of data and systems”. One of the most serious concerns is the possibility of confidentiality violations. Either maliciously or accidentally, cloud provider’s employees can tamper with or leak a company’s data. Such actions can severely damage the reputation or finances of a company.
In order to prevent confidentiality violations, cloud services’ customers might resort to encryption. While encryption is effective in securing data before it is stored at the provider, it cannot be applied in services where data is to be computed, since the unencrypted data must reside in the memory of the host running the computation.
In Infrastructure as a Service (IaaS) cloud services such as Amazon’s EC2, the provider
References: In Proc. of USENIX-SS’06, Berkeley, CA, USA, 2006. In Proc. of NSDI’05, pages 273–286, Berkeley, CA, USA, 2005. In Proc. of SOSP’03, 2003. York, NY, USA, 2008. Computer Science, 2008. Architecture for the Xen Open-Source Hypervisor. In Proc. of ACSAC ’05, Washington, DC, USA, 2005.