The Codex of Business Writing Software for Real-World Solutions 2.pptx
Trust and Cloud computing, removing the need for the consumer to trust their provider
1. Trust and Cloud computing, removing the need
for the consumer to trust their provider
Prof David Wallom
University of Oxford
2. Overview
• The problem
– Drivers of cloud adoption
– Threats forming barriers to adoption
– Trust and the stakeholders in the cloud
– Building trust through regulation
– Trusted products within a marketplace
• The solution
– Trusted Computing
– Chain of trust
– OAT
– Trusted Appliances, Applications and user data
7. Trust at the Last Mile
• Problem for high value instantly usable data and services
– Critical data or keys are still exposed inside the cloud at the final steps
– Still require customers unconditional trust of their CSP
– Value may be great enough that traditional blackmail/bribery may be enough to
gain access
8. Cloud (IaaS) and Security
cloud infrastructure
Storage
(Object)
Storage
(Block)
Host
VM
Host
VM
…
Users
• AAI: management, storage APIs.
• VMs: security groups (layer 2/3), firewall,
VPN.
• OS: admin policies, monitoring, auditing,
patches, etc.
• HW: physical security
• How can users trust the origin and identity
of the cloud infrastructure software stack?
• How can users trust the origin and identity
of VMs, Block Storage, Storage Objects?
13. Recap
• Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more
• Security, Trust and Privacy still great concerns
• The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches
• Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it
by def. limits some functions or capabilities
• Providing improved consumer information may allow us to build reputation systems but there is nothing to
stop them being subverted and having to use clean branded appliances each time will cause operational
headaches.
• We must trust our cloud provider, completely!
• We don’t really know whats going on within the cloud
• We are worried we may lose our data
15. Trusted Computing
• What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for
implementing a remotely verifiable infrastructure.
• What it does and what it does not: It enables a challenger to remotely verify the genuine
configurations of a platform. It provides no guarantee on the security properties of the platform,
but leaves the challengers to determine the properties by mapping the configurations to a
predefined security properties repository.
• TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and
reporting the platform’s configuration, together with other supporting capabilities, such as
secure key management.
• Integrity and attestation: The integrity of a platform is defined as its capability to behave as
expected. In general implementation, integrity is interpreted as whether only expected software
components with expected configurations have been loaded on the target platform. Remote
Attestations are performed to examine the integrity of a remote platform.
• Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof
hardware. However, complexities in managing the expected platform configurations have
inhibited the widespread adoption of Trusted Computing.
16. Extend the Trusted Platform to the cloud
• Reassure customers that the cloud infrastructure is strong
enough to defend against attackers or malicious users.
• Enables a mechanism by which the properties of the cloud
service components and third-party extensions can be
continuously inspected and examined.
17. Trusted Computing and Cloud Computing
User verifiable Chain of Trust
=
Attestation result of Storage +
Attestation result of Host +
Attestation result of VM
…but in the cloud the hardware
components can change…
HW/TPM
Host Controller
Hypervisor
Virtual
Machine
vTPM
Virtual
Machine
vTPM
Virtual
Machine
vTPM
HW/TPM
Storage
Controller
Storage Service
12
3
123
18. Open Attestation (OAT) as a Trusted Third Party
…but what about
resilience and
scalability?
19. Porridge (Distributed OAT)
• High frequency platform verification
• Application whitelisting
• Verifiable Logging
20. Attesting Cloud Services
• VM attestation
– Know exactly the status of your system, its how you left it!
• Centralized Attestation Service
– A service to periodically examining all the cloud nodes and recording their configurations;
– Customers attest the delegates to make sure the attestation service is correctly running.
– Supporting dynamic VM migration attesting both source and destination to ensure
continual validity
• Property-based Access Controls
– Customers define the access control policies to their data or keys based on the
properties of the accessing cloud applications and the underlying hosting infrastructure.
– Whitelisting application software within a cloud instance
21. Trusted Data Processing
• To ensure that customer data is not abused by their CSP when
outsourced to the cloud infrastructure for processing or
storage.
• TDP ensures customers that their data is only decrypted by
their applications, having the predefined states, and being
deployed on the part of the cloud satisfying predefined SLA.
22. Trusted Data Exchanging
• To ensure that Customer Data is not abused by other
customers when shared on a common infrastructure to achieve
cooperative computations.
• TDP ensures a Data Provider that every piece of data is
processed only by applications with predetermined properties.
23. Conclusion
• Trust is still highlighted as a significant barrier to cloud adoption in high value usecases
• Traditional security still requires users to trust their CSP
• Regulation may aim for a secure business as usual, it doesn’t support you when things go
wrong
• Utilising Trusted Computing and remote attestation builds a chain of trust
– Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data
– Support application and data whitelisting to ensure only those with permission can use services
or capabilities
• Only registered and verified hosts can run high value applications
• Only registered and verifies services can access high value data
• Extending existing Trusted Third Party capabilities to support multiple trusted Service
Providers providing externally verifiable measurement of cloud located services
• We are removing the need to trust your cloud provider by building cryptographically
secure cloud
How to effectively verify “what is really going on inside the cloud”.
Whether the acquired Cloud services are enforced;
Whether only the acquired Cloud services are accessing customers’ data.
15
Attestation of VMs: only expected programs with expected configuration files are loaded inside the VM.
Attestation of Hosts: only the expected VM with the expected software stack has been instantiated. The VM the user is currently connecting to, is genuinely loaded by the genuine hypervisor.
Attestation of Storage: the VM is binding to the expected virtual storage, and the state of the virtual storage can only be manipulated by an expected software stack. The virtual storage connected to the user’s VM is genuinely loaded and managed by the genuine Storage Management software with the specified parameters.