Development of Design for Enhancing Trust in Cloud’s SPI Stack

Öz

Cloud computing defines the SPI model, which is generally agreed upon as providing Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service. Interest in those service delivery models is growing because the paradigm offers to cloud customers high computational resource on-demand with a low cost. However, trustiness in the cloud services regarding the security and the privacy of the delivered data is the most critical issue in the SPI model. In this paper we propose a trusted SPI model that gives cloud customer more confidence into SPI services by leveraging a trust in a neutral SPI certifying authority. The proposed model prevents insider attacks from tampering with application service before and after the computational resource was launched and allow cloud customer to verify if its node run in a secure environment

Anahtar Kelimeler

• Cloud Computing,SPI Stack,TPM,Trustiness,Multisignature scheme

Kaynakça

1. Ron Zalkind. Protecting Your Data in Google Docs Compliance In The Cloud. http://hosteddocs.ittoolbox.com/protecting-your-data-in-google-docs.pdf.
2. N. Santos, K. P. Gummadi, and R. Rodrigues. Towards trusted cloud computing. In Proceedings of the Workshop on Hot Topics in Cloud Computing, HotCloud’09. USENIX Association, 2009. http://portal.acm.org/citation.cfm?id=1855533.1855536.
3. Lina Jia, Min Zhu, and Bibo Tu. 2017. T-VMI: Trusted Virtual Machine Introspection in Cloud Environments. In Proceedings of the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid '17). IEEE Press, Piscataway, NJ, USA, 478-487. DOI: https://doi.org/10.1109/CCGRID.2017.48
4. https://trustedcomputinggroup.org/tpm-main-specification/
5. Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. 2003. Terra: a virtual machine-based platform for trusted computing. In Proceedings of the nineteenth ACM symposium on Operating systems principles (SOSP '03). ACM, New York, NY, USA, 193-206. DOI=http://dx.doi.org/10.1145/945445.945464
6. Krautheim F.J., Phatak D.S., Sherman A.T. (2010) Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing. In: Acquisti A., Smith S.W., Sadeghi AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. DOI: https://doi.org/10.1007/978-3-642-13869-0_14
7. Li B., Lv S., Zhang Y., Tian M. (2014) The Application of Trusted Computing Technology in the Cloud Security. In: Wong W.E., Zhu T. (eds) Computer Engineering and Networking. Lecture Notes in Electrical Engineering, vol 277. Springer, Cham. DOI : https://doi.org/10.1007/978-3-319-01766-2_99
8. National Institute of Standards and Technology (NIST) FIPS PUB 186-4, Digital Signature Standard (DSS). DOI: http://dx.doi.org/10.6028/NIST.FIPS.186.4

9. Yu, Z., Zhang, W. & Dai, H. A Trusted Architecture for Virtual Machines on Cloud Servers with Trusted Platform Module and Certificate Authority. Journal of Signal Processing System (2017) vol:86. https://doi.org/10.1007/s11265-016-1130-9
10. R. Chandramouli, M. Iorga, S. Chokhani. NIST IR 7956: Cryptographic Key Management Issues & Challenges in Cloud Services. DOI : http://dx.doi.org/10.6028/NIST.IR.7956
11. K. Itakura and K. Nakamura,. A public-key cryptosystem suitable for digital multisignatures. In NEC Res. Development 71 (1983), pp. 1-8.
12. T. Okamoto. Tatsuaki Okamoto. 1988. A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Comput. Syst. 6, 4 (November 1988), 432-441. DOI: http://dx.doi.org/10.1145/48012.48246
13. M. Bellare, G. Neven. New multi-signatures and a general forking lemma. in CCS06, 2006. DOI: https://doi.org/10.1145/1180405.1180453
14. M. Bellare, G. Neven. Identity-based multi-signatures from RSA. In CT-RSA, 2007. DOI: https://doi.org/10.1007/11967668_10
15. E. Brickell, J. Camenisch, L. Chen. Direct Anonymous Attestation. In ACM Conference on Computer and Communications Security, pp. 132-145, 2004.
16. A. Brown, J. S. Chase . Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications. In: Proc. of CCSW. pp. 15-20 (2011). DOI: https://doi.org/10.1145/2046660.2046665
17. Tang Y. and Lee P. P. C. and Lui J. C. S. and Perlman R., Secure Overlay Cloud Storage with Access Control and Assured Deletion, IEEE Transactions on Dependable and Secure Computing, Vol 9, p. 903-916 (2012). DOI: https://doi.org/10.1109/TDSC.2012.49
18. Saurabh Singh, Young-Sik Jeong, Jong Hyuk Park, A survey on cloud computing security: Issues, threats, and solutions, Journal of Network and Computer Applications, Volume 75, November 2016, Pages 200-222, ISSN 1084-8045. DOI: http://dx.doi.org/10.1016/j.jnca.2016.09.002.
19. Khalil, I., Khreishah, A., Azeem, M., Cloud Computing Security: A Survey, Computers 2014, 3(1), 1-35; DOI: https://dx.doi.org/10.3390/computers3010001.
20. M. Cengız Toklu. Determination of Customer Loyalty Levels by Using Fuzzy MCDM Approaches. Acta Physica Polonica A (2017) (Special issue of the 3rd International Conference on Computational and Experimental Science and Engineering (ICCESEN 2016)). Pp. 650-654. DOI: http://dx.doi.org/10.12693/APhysPolA.132.650
21. D. Alhalafi. A New Methodology to Disambiguate Privacy. Acta Physica Polonica A (2015) (Special issue of the International Conference on Computational and Experimental Science and Engineering (ICCESEN 2014)). Pp. B-319 – B-323. DOI : http://dx.doi.org/10.12693/APhysPolA.128.B-324