SlideShare a Scribd company logo

A Trusted IaaS Environment with Hardware Security Module

Download as DOCX, PDF
N
nexgentechnology

bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry Nexgen Technology Address: Nexgen Technology No :66,4th cross,Venkata nagar, Near SBI ATM, Puducherry. Email Id: praveen@nexgenproject.com. www.nexgenproject.com Mobile: 9751442511,9791938249 Telephone: 0413-2211159. NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km

Education
1 of 14
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE Abstract—With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results. EXISTING SYSTEM:
There have been many prior studies that aimed to enhance the security of cloud architecture. Here, we discuss several studies focused on hardening virtualization environments and enhancing the security of guest VMs, followed by enforcement to launch VMs on a verified platform. Hardening virtualization components. To enable virtualization, VMM and a privileged domain are essential components. Hardening such components is a stepping stone toward the security of virtualization. Bleikertz et al. protects VMM by a policy enforcement scheme adopted in SELinux. Several studies focused on reducing TCB since a small TCB implies that the system has a narrow attack surface. Murray et al. reconstructed privileged domain components to reduce TCB. Since the security processes in the privileged domain were moved to a separated domain and the domain was smaller than the privileged domain, overall TCB was reduced. Gebhardt et al. exploited Virtual Machine eXtension (VMX) for hardening VMM. By segregating code blocks in VMM by hardware, the TCB of the overall system was reduced. Enhancing the security of guest VMs. Since the concept of cloud-box execution was introduced, several implementations have been proposed. To ensure an execution environment protected from a compromised privileged domain and a malicious administrator, an addition domain or a modified VMM was used. However, to secure storage of guest VMs, a cloud user should encrypt VM images or should deliver a master key for cryptographic operations. That such actions were
burdens for cloud users was not considered in prior work. In contrast, the proposed system deploys VMs with pre-made images in a cloud repository and delivers cryptographic keys by a cloud system. Thus, cloud users are free from such burdens. Adopting an additional domain provides flexibility to manage guest VMs, such as for encrypting images and for virtual machine introspection (VMI). PROPOSED SYSTEM: In this paper makes the following contributions. _ We propose a trusted cloud system providing restricted interfaces to cloud administrators. By providing a hardware security module supporting special storage which is inaccessible to cloud administrators, security-critical data in the hardware are isolated. Such restriction prevents malicious cloud administrators from a_ecting the security of guest VMs. _ The proposed system provides a secure connection scheme between a user and an allocated VM. Is also enables a cloud user to verify the allocated VM as well as the VMM where the allocated VM runs before the first connection. Moreover, the connection between a cloud user and an allocated VM is secured by exchanging keys.
_ The proposed system provides a secure storage scheme. To protect VM guest images from cloud administrators, the cloud system should isolate the cryptographic environment as well as a cryptographic key and integrity data. Since the cryptographic environment is not by privileged domains, VM images of guest VMs are protected in the proposed system. _ The proposed system provides a secure management scheme. Since a management operation is triggered by a cloud user, and the result of the operation is reported to the user, a cloud user knows the exact VM state. Therefore, cloud administrators cannot change the VM state at their discretion. _ The protocols in this paper are verified by an automatic protocol verification tool. When a communication protocol is not designed correctly, a malicious entity can compromise the protocol and take control of communication. We verified that the protocols are correctly designed with an automatic verification tool. Module 1 Cloud computing Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. There are four basic cloud delivery models, as outlined by NIST (Badger et al., 2011), based on who provides the cloud services. The agencies may
employ one model or a combination of different models for efficient and optimized delivery of applications and business services. These four delivery models are: (i) Private cloud in which cloud services are provided solely for an organization and are managed by the organization or a third party. These services may exist off-site. (ii) Public cloud in which cloud services are available to the public and owned by an organization selling the cloud services, for example, Amazon cloud service. (iii) Community cloud in which cloud services are shared by several organizations for supporting a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). These services may be managed by the organizations or a third party and may exist offsite. A Special case of Community cloud is The Government or G-Cloud. This type of cloud computing is provided by one or more agencies (service provider role), for use by all, or most, government agencies (user role). (iv) Hybrid cloud which is a composition of different cloud computing infrastructure (public, private or community). An example for hybrid cloud is the data stored in private cloud of a travel agency that is manipulated by a program running in the public cloud. Module 2 System Design
We propose a new cloud architecture protecting the security of guest VMs against potentially malicious cloud administrators by isolating security-critical processes. This isolation is accomplished by providing restricted interfaces to a privileged domain. This architectural isolation guarantees that: a) a secure connection exists between a cloud user and an allocated VM, b) a secure cryptographic environment exists for VM images as well as for cryptographic keys and integrity (hash) data, and c) there is a secure management of guest VMs. The proposed cloud architecture includes cloud nodes and a trusted 3rd party authority called device authority (DA). DA verifies each cloud node and lets a cloud user know whether a VM of the cloud user is running on a verified node. Each cloud node consists of a VMM called Trusted VMM (TVMM) and of a hardware security. TVMM is a security-enhanced VMM isolating several data for guest VMs from cloud administrators. TVMM encrypts the guest VM images with cryptographic keys delivered by TCM, and enables a secure connection between a cloud user and an allocated VM. TVMM also validates a management operation triggered by a cloud user. TCM is a hardware based security module supporting an isolated environment, and performs several security processes, such as signing and validation checking, within the isolated environment. TCM also provides special storage for keys and data. The biggest difference from existing security hardware is the privilege on the storage. A single root user (a cloud administrator in a cloud
service context) has a root privilege on the storage of existing security hardware, whereas a cloud user has a privilege only on their TCM data. Therefore, the data in storage can neither be accessed nor deleted, even by a cloud administrator. In particular, the proposed architecture provides the following capabilities. _ Interface isolation: The proposed system provides restricted interfaces to a privileged domain to isolate security-critical processes and data from the privileged domain. It also provides security-critical interfaces only to a verified VMM. _ Secure connection: The proposed system guarantees a secure connection between a cloud user and an allocated VM. _ Secure storage: The proposed system guarantees a protected cryptographic environment for guest VM images. _ Secure management: The proposed system delegates a VM management privilege to a cloud user, and provides a way to check the completion of the management request. Module 3 Interface isolation
The main goal of the propose architecture is to isolate security critical processes and data from cloud administrators. Since the proposed architecture does not count on privileged domains, security processes are performed in TCM and TVMM. Therefore, the private data in TCM are accessed only by TCM itself and TVMM. On the other hand, a privileged domain also needs to access TCM for system managements. Accessing TCM from a privileged domain, however, jeopardizes the security of guest VMs. To resolve this dilemma, the proposed system supports dual interfaces which expose different interfaces, management and security-critical interfaces, to a privileged domain and TVMM respectively. Management interface is a set of interfaces for initiating VM creation, destruction, and attestation. Therefore, the management interface is used by a privileged domain and includes following functions which are unrelated to accessing private data of guest VMs. Although the privileged domain initiates the management operations, any security- sensitive operations are conducted within TCM, protecting the private data. Measurement and reporting: TCM supports an attestation function including system measurement and reporting as TPM does. TCM stores system measurement values in special registers called platform configuration registers (PCRs) and returns a quoted blob. Since the measurement values are the calculated hash values of platform software stacks, an external entity is able to attest the platform where TCM is equipped.
_ Entrusted attestation: After the system boots, only measurement and reporting and entrusted attestation functions are available to a privileged domain, but other functions remain unavailable. They become available only after verifying system states with the entrusted attestation performed via the management interface. _ Managing VSC: TCM maintains a data structure called VM security context (VSC), which contains securitycritical data for each VM. VSC has cryptographic keys for disk encryption, and has the integrity data of VM images. Even though the keys and integrity data are read and modified via a security-critical interface, allocation and deallocation are accomplished via the management interface. Security critical interface is accessible only from the verified TVMM to provide security related functionality. To be specific, the following functions are provided. _ Accessing cryptographic keys and integrity data: TCM creates cryptographic keys for VM images and integrity data of the images, and stores them in VSC. The keys and integrity data are accessible from TVMM, which is verified with the entrusted attestation scheme before accessing the keys and integrity data. _ Signing initial guest image hash: To guarantee that a cloud user connects to a correct VM on the attested platform, the user should be able to check the initial guest image hash. The guest image hash is signed by the AIK of TCM to prevent forgery, and is verified by DA afterwards. This function is used for the secure connection between users and TCM, as described in the following section.
_ Management request validation: A cloud user sends a management operation to a cloud node. When such an operation is not triggered by a valid cloud user, the VM state of a cloud user could be changed arbitrarily. Thus, this function is used for validating the owner of a guest VM as described in x3.4. In the proposed system architecture, the system BIOS, bootloader, and VMM are also part of the TCB, in addition to TCM. Although TCM itself is verified and cannot be changed in an isolated environment, the other system software stack must be verified to guarantee the trustworthiness of the entire cloud system. TCM grants VMM accesses to security sensitive services only if the VMM is verified to be a known-correct TVMM. Since the TVMM denies any access from a privileged Module 4 Secure connection To establish a secure connection between a cloud user and an allocated VM, there are three equirements. First, a cloud user should attest the platform where the allocated VM is running. Second, a cloud user should attest the allocated VM images. Third, a cloud user should receive a VM server key (e.g., SSH server key of the VM) and set a user key (e.g., user key of SSH server) securely in the allocated VM. To meet these requirements, we define a secure connection protocol
and summarize keys in the protocol. Since platform information and VM image information includes ash values that a cloud user does not know, the cloud user communicates to DA and DA translates such hash values into human recognizable information according to the protocol. DA communicates to TCM with a session key created by the entrusted verification protocol. During the entrusted verification process, DA attests the platform meeting the first requirement. To meet the second requirement, the proposed system stores the hashes of initial images during initial deployment, and the hashes are verified by DA afterward to ensure the initial integrity of VM images. In most cloud services, pre-made VM images are used to launch a new VM. Even though they exist as unencrypted images in the cloud repository, they are encrypted with a cryptographic key in VSC before the first launch. During the encryption process, the initial integrity hash value is calculated and stored in VSC. The hash value is delivered to DA in Step 9, and DA translates the hash value to VM image information such as OS version and software stacks. The VM image information is delivered to the cloud user in Step 10 and the cloud user is able to check the allocated VM images. To meet the third requirement, a VM server key and a user key are also exchanged securely with the proposed protocol. For major cloud service vendors, cloud systems create user keys and stores them in their server. Afterwards, an allocated VM downloads the user key via HTTP. Accordingly, cloud administrators can access the stored user key.
Contrary to such an approach, with the proposed protocol, a cloud user creates a pair of cryptographic keys and delivers the public part of the key to the allocated VM. The user key is denoted by UK. Since the user key is asymmetric, the private part of the user key is and is never revealed. The VM server key denoted by VK is created by the OS of the allocated VM and is delivered to the cloud user via the protocol. Therefore, only the cloud user is able to connect to the allocated VM. Once a VM server key and a user key are exchanged, the communication between a cloud user and an allocated VM is secured by a public key protocol such as the Needham- Schroeder-Lowe protocol. CONCLUSION Security is a primary consideration for cloud users. Even though security threats by cloud administrators are feasible and critical, cloud service providers are mainly concerned with security threats from external attacks rather than internal attacks. This viewpoint hinders the proliferation of cloud computing. In this paper was presented a cloud system architecture consisting of TCM and TVMM to prevent cloud administrators from a_ecting the security of guest VMs. As the architecture isolates the data of cloud users from cloud administrators, the data of cloud users are protected even with a
compromised privileged domain or malicious cloud administrators. The proposed system provides security functionality against wide attack vectors and achieves a small TCB. It also shows reasonable I/O performance, proving its feasibility. REFERENCES [1] D. G. Murray, G. Milos, and S. Hand, “Improving xen security through disaggregation,” in Proceedings of the 4th ACM SIGPLAN/SIGOPS international conference on Virtual Execution Environments (VEE), 2008, pp. 151–160. [2] N. Santos, K. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” in Proceedings of the 2009 conference on Hot topics in cloud computing (HOTCLOUD), 2009. [3] L. Chunxiao, A. Raghunathan, and N. Jha, “Secure virtual machine execution under an untrusted management OS,” in Proceedings of IEEE 3rd International Conference on Cloud Computing (CLOUD), 2010, pp. 172–179. [4] S. Butt, H. A. Lagar-Cavilla, A. Srivastava, and V. Ganapathy, “Selfservice cloud computing,” in Proceedings of the 2012 ACM conference on Computer and Communications Security (CCS), 2012, pp. 253–264.
[5] J. Kong, “Protecting the confidentiality of virtual machines against untrusted host,” in 2010 International Symposium on Intelligence Information Processing and Trusted Computing (IPTC), 2010, pp. 364–368. [6] “TCG architecture overview, version 1.4,” http://www.trustedc omputinggroup.org/resources/. [7] B. D. Payne, M. D. de Carbone, and W. Lee, “Secure and flexible monitoring of virtual machines,” in proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), 2007, pp. 385– 397. [8] Chunxiao Li, A. Raghunathan, and Niraj K. Jha, “A trusted virtual machine in an untrusted management environment,” IEEE Transactions on Services Computing, vol. 5, no. 4, pp. 472–483, 2012. [9] Y. Xia, Y. Liu, H. Chen, and B. Zang, “Defending against VM rollback attack,” in Proceedings of 42nd IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2012, pp. 1–5. [10] “Amazon elastic compute cloud (EC2),” http://aws.amazon.com/ec2/. [11] J. Choi, J. Park, J. Seol, and S. Maeng, “Isolated mini-domain for trusted cloud computing,” in Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), 2013, pp. 194–195.

Recommended

Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guaranteesKamal Spring
 
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...IRJET Journal
 
Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET Journal
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Ensuring Distributed Accountability in the Cloud
Ensuring Distributed Accountability in the CloudEnsuring Distributed Accountability in the Cloud
Ensuring Distributed Accountability in the CloudSuraj Mehta
 

Recommended

Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guaranteesKamal Spring
 
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...
IRJET- Analysis of Cloud Security and Performance for Leakage of Critical...IRJET Journal
 
Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET Journal
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Ensuring Distributed Accountability in the Cloud
Ensuring Distributed Accountability in the CloudEnsuring Distributed Accountability in the Cloud
Ensuring Distributed Accountability in the CloudSuraj Mehta
 
Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfIntegrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfOpenStack Foundation
 
Session 9 Tp 9
Session 9 Tp 9Session 9 Tp 9
Session 9 Tp 9githe26200
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security MechanismsMohammed Sajjad Ali
 
Fs2510501055
Fs2510501055Fs2510501055
Fs2510501055IJERA Editor
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudChanakya Chandu
 
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutionsIJCNCJournal
 
Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Abdul Rasheed Feroz Khan
 
improve cloud security
improve cloud securityimprove cloud security
improve cloud securityBalkees Shereek
 
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...IJIR JOURNALS IJIRUSA
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
SecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the CloudsSecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the CloudsNexgen Technology
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudGowthami Konakanchi
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Fog doc
Fog doc Fog doc
Fog doc priyanka reddy
 
489 493
489 493489 493
489 493Editor IJARCET
 
Discovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media StreamsDiscovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media StreamsCody Buntain
 
Emily_Northrup PortfolioPieces
Emily_Northrup PortfolioPiecesEmily_Northrup PortfolioPieces
Emily_Northrup PortfolioPiecesEmily Northrup
 
2nd creative factory project 2nd stage
2nd creative factory project 2nd stage2nd creative factory project 2nd stage
2nd creative factory project 2nd stageTa No
 
The Top Attractions in Denver
The Top Attractions in DenverThe Top Attractions in Denver
The Top Attractions in Denver49ThingstoDo
 
Correctional Reentry Services at VOA
Correctional Reentry Services at VOACorrectional Reentry Services at VOA
Correctional Reentry Services at VOARobert P. Givens
 

More Related Content

What's hot

Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfIntegrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfOpenStack Foundation
 
Session 9 Tp 9
Session 9 Tp 9Session 9 Tp 9
Session 9 Tp 9githe26200
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudChanakya Chandu
 
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutionsIJCNCJournal
 
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...IJIR JOURNALS IJIRUSA
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
SecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the CloudsSecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the CloudsNexgen Technology
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudGowthami Konakanchi
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...IJTET Journal
 

What's hot (17)

Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdfIntegrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdf
 
Session 9 Tp 9
Session 9 Tp 9Session 9 Tp 9
Session 9 Tp 9
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security Mechanisms
 
Fs2510501055
Fs2510501055Fs2510501055
Fs2510501055
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloud
 
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSSECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
 
Cloud computing challenges and solutions
Cloud computing challenges and solutionsCloud computing challenges and solutions
Cloud computing challenges and solutions
 
Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Smart cloud - single to multi cloud
Smart cloud - single to multi cloud
 
improve cloud security
improve cloud securityimprove cloud security
improve cloud security
 
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
Ijirsm bhargavi-ka-robust-distributed-security-using-stateful-csg-based-distr...
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927
 
SecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the CloudsSecRBAC: Secure data in the Clouds
SecRBAC: Secure data in the Clouds
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloud
 
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption ...
 
Fog doc
Fog doc Fog doc
Fog doc
 
489 493
489 493489 493
489 493
 

Viewers also liked

Discovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media StreamsDiscovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media StreamsCody Buntain
 
Emily_Northrup PortfolioPieces
Emily_Northrup PortfolioPiecesEmily_Northrup PortfolioPieces
Emily_Northrup PortfolioPiecesEmily Northrup
 
2nd creative factory project 2nd stage
2nd creative factory project 2nd stage2nd creative factory project 2nd stage
2nd creative factory project 2nd stageTa No
 
The Top Attractions in Denver
The Top Attractions in DenverThe Top Attractions in Denver
The Top Attractions in Denver49ThingstoDo
 
Correctional Reentry Services at VOA
Correctional Reentry Services at VOACorrectional Reentry Services at VOA
Correctional Reentry Services at VOARobert P. Givens
 
Title Card Making
Title Card Making Title Card Making
Title Card Making DIDI1998sdf
 
фидель кастро.горелкин.
фидель кастро.горелкин.фидель кастро.горелкин.
фидель кастро.горелкин.Tretyakova
 
عروض عيد ميلاد كارفور
عروض عيد ميلاد كارفورعروض عيد ميلاد كارفور
عروض عيد ميلاد كارفورNour Elbader
 
князева а
князева акнязева а
князева а16072010
 
عروض كارفور مصر
عروض كارفور مصرعروض كارفور مصر
عروض كارفور مصرNour Elbader
 
22. Горад у ІХ-сярэдзіне ХІІІ ст.
22. Горад у ІХ-сярэдзіне ХІІІ ст.22. Горад у ІХ-сярэдзіне ХІІІ ст.
22. Горад у ІХ-сярэдзіне ХІІІ ст.AnastasiyaF
 

Viewers also liked (16)

Discovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media StreamsDiscovering Key Moments from Social Media Streams
Discovering Key Moments from Social Media Streams
 
Emily_Northrup PortfolioPieces
Emily_Northrup PortfolioPiecesEmily_Northrup PortfolioPieces
Emily_Northrup PortfolioPieces
 
2nd creative factory project 2nd stage
2nd creative factory project 2nd stage2nd creative factory project 2nd stage
2nd creative factory project 2nd stage
 
The Top Attractions in Denver
The Top Attractions in DenverThe Top Attractions in Denver
The Top Attractions in Denver
 
Correctional Reentry Services at VOA
Correctional Reentry Services at VOACorrectional Reentry Services at VOA
Correctional Reentry Services at VOA
 
Title Card Making
Title Card Making Title Card Making
Title Card Making
 
Eveanna's Portfolio
Eveanna's PortfolioEveanna's Portfolio
Eveanna's Portfolio
 
фидель кастро.горелкин.
фидель кастро.горелкин.фидель кастро.горелкин.
фидель кастро.горелкин.
 
Ionic3
Ionic3Ionic3
Ionic3
 
عروض عيد ميلاد كارفور
عروض عيد ميلاد كارفورعروض عيد ميلاد كارفور
عروض عيد ميلاد كارفور
 
Noor
NoorNoor
Noor
 
князева а
князева акнязева а
князева а
 
عروض كارفور مصر
عروض كارفور مصرعروض كارفور مصر
عروض كارفور مصر
 
22. Горад у ІХ-сярэдзіне ХІІІ ст.
22. Горад у ІХ-сярэдзіне ХІІІ ст.22. Горад у ІХ-сярэдзіне ХІІІ ст.
22. Горад у ІХ-сярэдзіне ХІІІ ст.
 
Profe david
Profe davidProfe david
Profe david
 
Quick reference for cql
Quick reference for cqlQuick reference for cql
Quick reference for cql
 

Similar to A Trusted IaaS Environment with Hardware Security Module

Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformsPrabhat gangwar
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsKamal Spring
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guaranteesKamal Spring
 
Windstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityWindstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityJason Proctor
 
A survey on Improvement of virtual network communication security of trusted ...
A survey on Improvement of virtual network communication security of trusted ...A survey on Improvement of virtual network communication security of trusted ...
A survey on Improvement of virtual network communication security of trusted ...ijsrd.com
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentIJTET Journal
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformspurplesea
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...cscpconf
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...csandit
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Cloud management
Cloud managementCloud management
Cloud managementsurbhi jha
 
Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing IJECEIAES
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...IJORCS
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 

Similar to A Trusted IaaS Environment with Hardware Security Module (20)

Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
Providing user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure cloudsProviding user security guarantees in public infrastructure clouds
Providing user security guarantees in public infrastructure clouds
 
Providing user security guarantees
Providing user security guaranteesProviding user security guarantees
Providing user security guarantees
 
Windstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityWindstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud Security
 
A survey on Improvement of virtual network communication security of trusted ...
A survey on Improvement of virtual network communication security of trusted ...A survey on Improvement of virtual network communication security of trusted ...
A survey on Improvement of virtual network communication security of trusted ...
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
 
REPORT1 new
REPORT1 newREPORT1 new
REPORT1 new
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
SECURITY AND PRIVACY OF SENSITIVE DATA IN CLOUD COMPUTING: A SURVEY OF RECENT...
 
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
Security and Privacy of Sensitive Data in Cloud Computing : A Survey of Recen...
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishek
 
Cloud management
Cloud managementCloud management
Cloud management
 
CLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEWCLOUD STEGANOGRAPHY- A REVIEW
CLOUD STEGANOGRAPHY- A REVIEW
 
Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing Migration of Virtual Machine to improve the Security in Cloud Computing
Migration of Virtual Machine to improve the Security in Cloud Computing
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
 
Paper published
Paper published Paper published
Paper published
 
CLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGECLOUD COMPUTING AND STORAGE
CLOUD COMPUTING AND STORAGE
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 

Recently uploaded (20)

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 

A Trusted IaaS Environment with Hardware Security Module

  • 1. A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE Abstract—With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results. EXISTING SYSTEM:
  • 2. There have been many prior studies that aimed to enhance the security of cloud architecture. Here, we discuss several studies focused on hardening virtualization environments and enhancing the security of guest VMs, followed by enforcement to launch VMs on a verified platform. Hardening virtualization components. To enable virtualization, VMM and a privileged domain are essential components. Hardening such components is a stepping stone toward the security of virtualization. Bleikertz et al. protects VMM by a policy enforcement scheme adopted in SELinux. Several studies focused on reducing TCB since a small TCB implies that the system has a narrow attack surface. Murray et al. reconstructed privileged domain components to reduce TCB. Since the security processes in the privileged domain were moved to a separated domain and the domain was smaller than the privileged domain, overall TCB was reduced. Gebhardt et al. exploited Virtual Machine eXtension (VMX) for hardening VMM. By segregating code blocks in VMM by hardware, the TCB of the overall system was reduced. Enhancing the security of guest VMs. Since the concept of cloud-box execution was introduced, several implementations have been proposed. To ensure an execution environment protected from a compromised privileged domain and a malicious administrator, an addition domain or a modified VMM was used. However, to secure storage of guest VMs, a cloud user should encrypt VM images or should deliver a master key for cryptographic operations. That such actions were
  • 3. burdens for cloud users was not considered in prior work. In contrast, the proposed system deploys VMs with pre-made images in a cloud repository and delivers cryptographic keys by a cloud system. Thus, cloud users are free from such burdens. Adopting an additional domain provides flexibility to manage guest VMs, such as for encrypting images and for virtual machine introspection (VMI). PROPOSED SYSTEM: In this paper makes the following contributions. _ We propose a trusted cloud system providing restricted interfaces to cloud administrators. By providing a hardware security module supporting special storage which is inaccessible to cloud administrators, security-critical data in the hardware are isolated. Such restriction prevents malicious cloud administrators from a_ecting the security of guest VMs. _ The proposed system provides a secure connection scheme between a user and an allocated VM. Is also enables a cloud user to verify the allocated VM as well as the VMM where the allocated VM runs before the first connection. Moreover, the connection between a cloud user and an allocated VM is secured by exchanging keys.
  • 4. _ The proposed system provides a secure storage scheme. To protect VM guest images from cloud administrators, the cloud system should isolate the cryptographic environment as well as a cryptographic key and integrity data. Since the cryptographic environment is not by privileged domains, VM images of guest VMs are protected in the proposed system. _ The proposed system provides a secure management scheme. Since a management operation is triggered by a cloud user, and the result of the operation is reported to the user, a cloud user knows the exact VM state. Therefore, cloud administrators cannot change the VM state at their discretion. _ The protocols in this paper are verified by an automatic protocol verification tool. When a communication protocol is not designed correctly, a malicious entity can compromise the protocol and take control of communication. We verified that the protocols are correctly designed with an automatic verification tool. Module 1 Cloud computing Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. There are four basic cloud delivery models, as outlined by NIST (Badger et al., 2011), based on who provides the cloud services. The agencies may
  • 5. employ one model or a combination of different models for efficient and optimized delivery of applications and business services. These four delivery models are: (i) Private cloud in which cloud services are provided solely for an organization and are managed by the organization or a third party. These services may exist off-site. (ii) Public cloud in which cloud services are available to the public and owned by an organization selling the cloud services, for example, Amazon cloud service. (iii) Community cloud in which cloud services are shared by several organizations for supporting a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). These services may be managed by the organizations or a third party and may exist offsite. A Special case of Community cloud is The Government or G-Cloud. This type of cloud computing is provided by one or more agencies (service provider role), for use by all, or most, government agencies (user role). (iv) Hybrid cloud which is a composition of different cloud computing infrastructure (public, private or community). An example for hybrid cloud is the data stored in private cloud of a travel agency that is manipulated by a program running in the public cloud. Module 2 System Design
  • 6. We propose a new cloud architecture protecting the security of guest VMs against potentially malicious cloud administrators by isolating security-critical processes. This isolation is accomplished by providing restricted interfaces to a privileged domain. This architectural isolation guarantees that: a) a secure connection exists between a cloud user and an allocated VM, b) a secure cryptographic environment exists for VM images as well as for cryptographic keys and integrity (hash) data, and c) there is a secure management of guest VMs. The proposed cloud architecture includes cloud nodes and a trusted 3rd party authority called device authority (DA). DA verifies each cloud node and lets a cloud user know whether a VM of the cloud user is running on a verified node. Each cloud node consists of a VMM called Trusted VMM (TVMM) and of a hardware security. TVMM is a security-enhanced VMM isolating several data for guest VMs from cloud administrators. TVMM encrypts the guest VM images with cryptographic keys delivered by TCM, and enables a secure connection between a cloud user and an allocated VM. TVMM also validates a management operation triggered by a cloud user. TCM is a hardware based security module supporting an isolated environment, and performs several security processes, such as signing and validation checking, within the isolated environment. TCM also provides special storage for keys and data. The biggest difference from existing security hardware is the privilege on the storage. A single root user (a cloud administrator in a cloud
  • 7. service context) has a root privilege on the storage of existing security hardware, whereas a cloud user has a privilege only on their TCM data. Therefore, the data in storage can neither be accessed nor deleted, even by a cloud administrator. In particular, the proposed architecture provides the following capabilities. _ Interface isolation: The proposed system provides restricted interfaces to a privileged domain to isolate security-critical processes and data from the privileged domain. It also provides security-critical interfaces only to a verified VMM. _ Secure connection: The proposed system guarantees a secure connection between a cloud user and an allocated VM. _ Secure storage: The proposed system guarantees a protected cryptographic environment for guest VM images. _ Secure management: The proposed system delegates a VM management privilege to a cloud user, and provides a way to check the completion of the management request. Module 3 Interface isolation
  • 8. The main goal of the propose architecture is to isolate security critical processes and data from cloud administrators. Since the proposed architecture does not count on privileged domains, security processes are performed in TCM and TVMM. Therefore, the private data in TCM are accessed only by TCM itself and TVMM. On the other hand, a privileged domain also needs to access TCM for system managements. Accessing TCM from a privileged domain, however, jeopardizes the security of guest VMs. To resolve this dilemma, the proposed system supports dual interfaces which expose different interfaces, management and security-critical interfaces, to a privileged domain and TVMM respectively. Management interface is a set of interfaces for initiating VM creation, destruction, and attestation. Therefore, the management interface is used by a privileged domain and includes following functions which are unrelated to accessing private data of guest VMs. Although the privileged domain initiates the management operations, any security- sensitive operations are conducted within TCM, protecting the private data. Measurement and reporting: TCM supports an attestation function including system measurement and reporting as TPM does. TCM stores system measurement values in special registers called platform configuration registers (PCRs) and returns a quoted blob. Since the measurement values are the calculated hash values of platform software stacks, an external entity is able to attest the platform where TCM is equipped.
  • 9. _ Entrusted attestation: After the system boots, only measurement and reporting and entrusted attestation functions are available to a privileged domain, but other functions remain unavailable. They become available only after verifying system states with the entrusted attestation performed via the management interface. _ Managing VSC: TCM maintains a data structure called VM security context (VSC), which contains securitycritical data for each VM. VSC has cryptographic keys for disk encryption, and has the integrity data of VM images. Even though the keys and integrity data are read and modified via a security-critical interface, allocation and deallocation are accomplished via the management interface. Security critical interface is accessible only from the verified TVMM to provide security related functionality. To be specific, the following functions are provided. _ Accessing cryptographic keys and integrity data: TCM creates cryptographic keys for VM images and integrity data of the images, and stores them in VSC. The keys and integrity data are accessible from TVMM, which is verified with the entrusted attestation scheme before accessing the keys and integrity data. _ Signing initial guest image hash: To guarantee that a cloud user connects to a correct VM on the attested platform, the user should be able to check the initial guest image hash. The guest image hash is signed by the AIK of TCM to prevent forgery, and is verified by DA afterwards. This function is used for the secure connection between users and TCM, as described in the following section.
  • 10. _ Management request validation: A cloud user sends a management operation to a cloud node. When such an operation is not triggered by a valid cloud user, the VM state of a cloud user could be changed arbitrarily. Thus, this function is used for validating the owner of a guest VM as described in x3.4. In the proposed system architecture, the system BIOS, bootloader, and VMM are also part of the TCB, in addition to TCM. Although TCM itself is verified and cannot be changed in an isolated environment, the other system software stack must be verified to guarantee the trustworthiness of the entire cloud system. TCM grants VMM accesses to security sensitive services only if the VMM is verified to be a known-correct TVMM. Since the TVMM denies any access from a privileged Module 4 Secure connection To establish a secure connection between a cloud user and an allocated VM, there are three equirements. First, a cloud user should attest the platform where the allocated VM is running. Second, a cloud user should attest the allocated VM images. Third, a cloud user should receive a VM server key (e.g., SSH server key of the VM) and set a user key (e.g., user key of SSH server) securely in the allocated VM. To meet these requirements, we define a secure connection protocol
  • 11. and summarize keys in the protocol. Since platform information and VM image information includes ash values that a cloud user does not know, the cloud user communicates to DA and DA translates such hash values into human recognizable information according to the protocol. DA communicates to TCM with a session key created by the entrusted verification protocol. During the entrusted verification process, DA attests the platform meeting the first requirement. To meet the second requirement, the proposed system stores the hashes of initial images during initial deployment, and the hashes are verified by DA afterward to ensure the initial integrity of VM images. In most cloud services, pre-made VM images are used to launch a new VM. Even though they exist as unencrypted images in the cloud repository, they are encrypted with a cryptographic key in VSC before the first launch. During the encryption process, the initial integrity hash value is calculated and stored in VSC. The hash value is delivered to DA in Step 9, and DA translates the hash value to VM image information such as OS version and software stacks. The VM image information is delivered to the cloud user in Step 10 and the cloud user is able to check the allocated VM images. To meet the third requirement, a VM server key and a user key are also exchanged securely with the proposed protocol. For major cloud service vendors, cloud systems create user keys and stores them in their server. Afterwards, an allocated VM downloads the user key via HTTP. Accordingly, cloud administrators can access the stored user key.
  • 12. Contrary to such an approach, with the proposed protocol, a cloud user creates a pair of cryptographic keys and delivers the public part of the key to the allocated VM. The user key is denoted by UK. Since the user key is asymmetric, the private part of the user key is and is never revealed. The VM server key denoted by VK is created by the OS of the allocated VM and is delivered to the cloud user via the protocol. Therefore, only the cloud user is able to connect to the allocated VM. Once a VM server key and a user key are exchanged, the communication between a cloud user and an allocated VM is secured by a public key protocol such as the Needham- Schroeder-Lowe protocol. CONCLUSION Security is a primary consideration for cloud users. Even though security threats by cloud administrators are feasible and critical, cloud service providers are mainly concerned with security threats from external attacks rather than internal attacks. This viewpoint hinders the proliferation of cloud computing. In this paper was presented a cloud system architecture consisting of TCM and TVMM to prevent cloud administrators from a_ecting the security of guest VMs. As the architecture isolates the data of cloud users from cloud administrators, the data of cloud users are protected even with a
  • 13. compromised privileged domain or malicious cloud administrators. The proposed system provides security functionality against wide attack vectors and achieves a small TCB. It also shows reasonable I/O performance, proving its feasibility. REFERENCES [1] D. G. Murray, G. Milos, and S. Hand, “Improving xen security through disaggregation,” in Proceedings of the 4th ACM SIGPLAN/SIGOPS international conference on Virtual Execution Environments (VEE), 2008, pp. 151–160. [2] N. Santos, K. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” in Proceedings of the 2009 conference on Hot topics in cloud computing (HOTCLOUD), 2009. [3] L. Chunxiao, A. Raghunathan, and N. Jha, “Secure virtual machine execution under an untrusted management OS,” in Proceedings of IEEE 3rd International Conference on Cloud Computing (CLOUD), 2010, pp. 172–179. [4] S. Butt, H. A. Lagar-Cavilla, A. Srivastava, and V. Ganapathy, “Selfservice cloud computing,” in Proceedings of the 2012 ACM conference on Computer and Communications Security (CCS), 2012, pp. 253–264.
  • 14. [5] J. Kong, “Protecting the confidentiality of virtual machines against untrusted host,” in 2010 International Symposium on Intelligence Information Processing and Trusted Computing (IPTC), 2010, pp. 364–368. [6] “TCG architecture overview, version 1.4,” http://www.trustedc omputinggroup.org/resources/. [7] B. D. Payne, M. D. de Carbone, and W. Lee, “Secure and flexible monitoring of virtual machines,” in proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), 2007, pp. 385– 397. [8] Chunxiao Li, A. Raghunathan, and Niraj K. Jha, “A trusted virtual machine in an untrusted management environment,” IEEE Transactions on Services Computing, vol. 5, no. 4, pp. 472–483, 2012. [9] Y. Xia, Y. Liu, H. Chen, and B. Zang, “Defending against VM rollback attack,” in Proceedings of 42nd IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2012, pp. 1–5. [10] “Amazon elastic compute cloud (EC2),” http://aws.amazon.com/ec2/. [11] J. Choi, J. Park, J. Seol, and S. Maeng, “Isolated mini-domain for trusted cloud computing,” in Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), 2013, pp. 194–195.