Trusted VM Snapshots in Untrusted Cloud Infrastructures
نویسندگان
چکیده
A cloud customer’s inability to verifiably trust an infrastructure provider with the security of its data inhibits adoption of cloud computing. Customers could establish trust with secure runtime integrity measurements of their virtual machines (VMs). The runtime state of a VM, captured via a snapshot, is used for integrity measurement, migration, malware detection, correctness validation, and other purposes. However, commodity virtualized environments operate the snapshot service from a privileged VM. In public cloud environments, a compromised privileged VM or its potentially malicious administrators can easily subvert the integrity of a customer VMs snapshot. To this end, we present HyperShot, a hypervisor-based system that captures VM snapshots whose integrity cannot be compromised by a rogue privileged VM or its administrators. HyperShot additionally generates trusted snapshots of the privileged VM itself, thus contributing to the increased security and trustworthiness of the entire cloud infrastructure.
منابع مشابه
Confidential Execution of Cloud Services
In this paper, we present Confidential Domain of Execution (CDE), a mechanism for achieving confidential execution of software in an otherwise untrusted environment, e.g., at a Cloud Service Provider. This is achieved by using an isolated execution environment in which any communication with the outside untrusted world is forcibly encrypted by trusted hardware. The mechanism can be useful to ov...
متن کاملRetroVisor: Nested Virtualization for Multi IaaS VM Availability
Nested virtualization [1] provides an extra layer of virtualization to enhance security with fairly reasonable performance impact. Usercentric vision of cloud computing gives a high-level of control on the whole infrastructure [2], such as untrusted dom0 [3, 4]. This paper introduces RetroVisor, a security architecture to seamlessly run a virtual machine (VM) on multiple hypervisors simultaneou...
متن کاملRunning ZooKeeper Coordination Services in Untrusted Clouds
Cloud computing is a recent trend in computer science. However, privacy concerns and a lack of trust in cloud providers are an obstacle for many deployments. Maturing hardware support for implementing Trusted Execution Environments (TEEs) aims at mitigating these problems. Such technologies allow to run applications in a trusted environment, thereby protecting data from unauthorized access. To ...
متن کاملVM Consolidation by using Selection and Placement of VMs in Cloud Datacenters
The Cloud Computing model leverages virtualization of computing resources allowing customers to provision resources on-demand on a pay-as-you-go basis. During recent years, the power consumption of datacenters in cloud environment attracted researchers. Optimization of energy consumption can be performed by different methods including virtual machine (VM) consolidation. This technique can reduc...
متن کاملA Virtual Machine Cloning Approach Based on Trusted Computing
Cloud computing has become more and more popular and the technology of rapid virtual machine (VM) cloning is widely used in cloud computing environment to implement the fast deployment of VMs to meet the need of bursting computational request. However, the security issue of VM cloning technology is not considered thoroughly in current approaches. This paper proposes a virtual machine cloning ap...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012