secure service provisioning in a public cloud

Mälardalen University Press Licentiate ThesesNo. 157

SECURE SERVICE PROVISIONING IN A PUBLIC CLOUD

Mudassar Aslam

2012

School of Innovation, Design and Engineering

Mälardalen University Press Licentiate ThesesNo. 157

SECURE SERVICE PROVISIONING IN A PUBLIC CLOUD

Mudassar Aslam

2012

School of Innovation, Design and Engineering

Populärvetenskapligsammanfattning

Utvecklingen av molntekniker möjliggör utnyttjande av IT-resurser överInternet, och kan innebära många fördelar för såväl företag som privat-personer. Dock innebär denna nya modell för användandet av resurseratt säkerhetsfrågor uppstår, frågor som inte existerat i traditionell resur-shantering på datorer. I avhandlingen fokuserar vi på säkerhetsfrågorsom rör en användare av molntjänster (t.ex. en organisation, myndighetetc.), när användaren vill leasa molntjänster i form av Virtuella maskiner(VM) från en publik leverantör av Infrastructure-as-a-Service (IaaS).

Det finns många säkerhetsområden i molnsystem: att hålla datahemliga, att resurserna är korrekta, att servicen är den utlovade, attsäkerheten kan kontrolleras, etc. I denna avhandling fokuserar vi påsäkerhetsproblem som resulterar i att tillit saknas mellan aktörerna imolnsystem, och som därmed hindrar säkerhetskänsliga användare frånatt använda molntjänster. Från en behovsanalys ur säkerhetsperspektivföreslår vi lösningar som möjliggör tillit i publika IaaS-moln.

Våra lösningar rör i huvudsak säker livscykelhantering av virtuellamaskiner, inklusive mekanismer för säker start och säker migrering avvirtuella maskiner. Lösningarna säkerställer att användarens VM alltidär skyddad i molnet genom att den endast tillåts exekveras på pål-itliga (trusted) plattformar. Detta sker genom att använda teknikerför s.k. trusted computing (pålitlig datoranvändning), vilket innebäratt användaren på distans kan kontrollera om plattformen är tillförlitligeller inte. Vi presenterar även en prototypimplementation som visar re-aliserbarheten av de föreslagna säkerhetsprinciperna för säker start ochmigrering av VM.

i

Abstract

The evolution of cloud technologies which allows the provisioning of ITresources over the Internet promises many benefits for the individualsand enterprises alike. However, this new resource provisioning modelcomes with the security challenges which did not exist in the traditionalresource procurement mechanisms. We focus on the possible securityconcerns of a cloud user (e.g. an organization, government department,etc.) to lease cloud services such as resources in the form of Virtual Ma-chines (VM) from a public Infrastructure-as-a-Service (IaaS) provider.There are many security critical areas in the cloud systems, such as dataconfidentiality, resource integrity, service compliance, security audits etc.In this thesis, we focus on the security aspects which result in the trustdeficit among the cloud stakeholders and hence hinder a security sensi-tive user to benefit from the opportunities offered by the cloud comput-ing. Based upon our findings from the security requirements analysis,we propose solutions that enable user trust in the public IaaS clouds.Our solutions mainly deal with the secure life cycle management of theuser VM which include mechanisms for VM launch and migration. TheVM launch and migration solutions ensure that the user VM is alwaysprotected in the cloud by only allowing it to run on the user trusted plat-forms. This is done by using trusted computing techniques that allowthe users to remotely attest and hence rate the cloud platforms trustedor untrusted. We also provide a prototype implementation to prove theimplementation feasibility of the proposed trust enabling principles usedin the VM launch and migration solutions.

iii

Acknowledgments

First of all, I am really thankful to my Allah who gave me perseverance,knowledge and strength to achieve this milestone. I pray Him to makemy knowledge beneficial for others.

I am grateful to all people in SICS, MDH and Ericsson who sup-ported and guided me in doing this work; especially, my co-supervisorDr. Christian Gehrmann who provided me the opportunity to work in anesteemed research environment at SICS. I am indebted to all the effortsand valuable time that Christian has spent on me for guiding, improv-ing and polishing my research skills right from the very first day. I alsowant to express my sincere regards and gratitude for my main supervi-sor Prof. Mats Björkman who provided me the much needed motivation,inspiration and guidance in achieving this milestone.

I feel happy, satisfied and proud to get the opportunity to work withthe learned researchers from SICS and Ericsson who provided very usefulfeedback to improve my work and tune it according to the current andfuture industrial demands. I express my gratitude to András Méhes whoprovided his insightful criticism to remove the lacunae in various stagesof this work; Lars Rasmusson, Fredric Morenius and Nicolae Paladi fortheir collaborative research and development activities; and Rolf Blomfor his useful research directions.

I am really thankful to all my co-workers specially Anders Gunnar,Anders Lindgren, Bengt Ahlgren, Björn Grönvall, Henrik Abrahamsson,Ian Marsh, Laura Feeney and Maria Holm who provided a unique profes-sional and research environment for me. I would specially like to thankOliver Schwarz for his discussions (technical and social) and valuablesuggestions whenever solicited.

Finally, I would like to thank all my friends and colleagues includingShahid Raza, Shahzad Saleem, Zeeshan Ali Shah and many others whohelped me whenever required.

v

vi

I would like to dedicate this work to my parents and family whosupported me throughout my academic and professional carrier withtheir love, guidance and sacrifices whenever required.

Mudassar AslamStockholm, October, 2012

This work has been performed in the Secure Systems Group (SecSys) whichis a security group within Communication Networks and Systems laboratory(NETS) in the Swedish Institute of Computer Science (SICS). Other partnersthat were involved in various projects include Ericsson, Saab, TeliaSonera andT2Data. The funding for this work has mainly been provided by VINNOVAthrough different research projects, and also by the Higher Education Commis-sion (HEC), Pakistan in the form of scholarship grant for my PhD studies.

The SICS is jointly sponsored by the Swedish government and the Industry

partners which include TeliaSonera, Ericsson, Saab AB, FMV (Defense Ma-

teriel Administration), Green Cargo (Swedish freight railway operator), ABB,

and Bombardier Transportation.

List of Publications

Papers Included in the Licentiate Thesis1

Paper A Security Considerations for Virtual Platform Provisioning.Mudassar Aslam, Christian Gehrmann. In European Conferenceon Information Warfare and Security ECIW-2011, 7-8 July 2011,Tallin, Estonia.

Paper B Securely Launching Virtual Machines on Trustworthy Plat-forms in a Public Cloud.Mudassar Aslam, Christian Gehrmann, Lars Rasmusson, MatsBjörkman. In 2nd International Conference on Cloud Comput-ing and Services Science, CLOSER 2012, 18-21 April 2012, Porto,Portugal.

Paper C Security and Trust Preserving VM Migrations in Public Clouds.Mudassar Aslam, Christian Gehrmann, Mats Björkman. In 2ndIEEE International Symposium on Trust and Security in CloudComputing, part of IEEE TrustCom-12, 25-27 June 2012, Liver-pool, UK.

Paper D Protecting Private Data in the Cloud.Lars Rasmusson, Mudassar Aslam. In 2nd International Con-ference on Cloud Computing and Services Science, CLOSER 2012,18-21 April 2012, Porto, Portugal.

1The included articles have been reformatted to comply with the thesis layout

vii

viii

SICS Technical Reports

• Mudassar Aslam, Christian Gehrmann. TCG Based Approachfor Secure Management of Virtualized Platforms: state-of-the-art.ISSN No. 1100-3154, SICS Technical Report (T2010:05), 2010.Available at http://soda.swedish-ict.se/3993/

• Mudassar Aslam, Christian Gehrmann. Deploying Virtual Ma-chines on Shared Platforms. ISSN No. 1100-3154, SICS TechnicalReport (T2011:07), 2011. Available at http://soda.swedish-ict.

se/4170/

List of Acronyms

AIK Attestation Identity Key

CAP EX Capital Expenditure

Client See User

CSA Cloud Security Alliance

CSP Cloud Service Provider

EK Endorsement Key

GuestOS Guest Operating System

IaaS Infrastructure-as-a-Service

P aaS Platform-as-a-Service

P CA Privacy CA

P CR Platform Configuration Registers

P rovider Cloud Service Provider

P T AA Platform Trust Assurance Authority

SaaS Software-as-a-Service

SecaaS Security-as-a-Service

SLA Service Level Agreement

SRK Storage Root Key

ix

x

T AL Trust Assurance Level

T CG Trusted Computing Group

T P M Trusted Platform Module

T SP I TCG Service Provider Interface

T SS TCG Software Stack

User Cloud Service User

V MM Virtual Machine Monitor

Contents

I Thesis 1

1 Introduction 31.1 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . 41.2 Thesis Outline . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Background 72.1 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.1 The XEN Hypervisor . . . . . . . . . . . . . . . . 82.2 Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . 9

2.2.1 Service Models . . . . . . . . . . . . . . . . . . . . 102.2.2 Deployment Models . . . . . . . . . . . . . . . . . 12

2.3 Introducing Digital Trust . . . . . . . . . . . . . . . . . . 142.3.1 The Trusted Computing Group (TCG) . . . . . . . 142.3.2 Trusted Platform Module (TPM) . . . . . . . . . . 152.3.3 TPM - Key Management . . . . . . . . . . . . . . 152.3.4 TPM Message Protection . . . . . . . . . . . . . . 172.3.5 Sealing Data Remotely . . . . . . . . . . . . . . . . 19

3 Security Critical Areas in Cloud Computing 213.1 Security Assessment of the Host Platform . . . . . . . . . 22

3.1.1 Physical Security . . . . . . . . . . . . . . . . . . . 233.1.2 Platform Integrity . . . . . . . . . . . . . . . . . . 23

3.2 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4 Our Solutions for Secure Cloud Services 254.1 Research Method . . . . . . . . . . . . . . . . . . . . . . . 254.2 Security Analysis for Virtual Platform Provisioning . . . . 27

xi

xii Contents

4.2.1 Threats . . . . . . . . . . . . . . . . . . . . . . . . 274.2.2 Security Requirements . . . . . . . . . . . . . . . . 284.2.3 Summary . . . . . . . . . . . . . . . . . . . . . . . 28

4.3 Secure Virtual Machine Launch and Management Mech-anism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284.3.1 VM launch . . . . . . . . . . . . . . . . . . . . . . 294.3.2 VM Management . . . . . . . . . . . . . . . . . . . 294.3.3 Implementation . . . . . . . . . . . . . . . . . . . . 30

4.4 Secure Virtual Machine Migration Mechanism . . . . . . . 314.4.1 Concepts . . . . . . . . . . . . . . . . . . . . . . . 314.4.2 Platform Certification (Phase-I) . . . . . . . . . . 324.4.3 VM Migration (Phase-II) . . . . . . . . . . . . . . 324.4.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . 33

5 Conclusions 355.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 355.2 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 37

6 Overview of Papers 396.1 Paper A . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.2 Paper B . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416.3 Paper C . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426.4 Paper D . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

II Included Papers 49

7 Paper A:Security Considerations for Virtual Platform Provision-ing 517.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 537.2 Scenario - A Telecommunication Cloud Use Case . . . . . 547.3 Threat and Security Requirements . . . . . . . . . . . . . 57

7.3.1 Provider Network Authentication . . . . . . . . . . 577.3.2 Platform Integrity and Authentication . . . . . . . 587.3.3 Authentication, Attestation and VM Launch Pro-

tocol . . . . . . . . . . . . . . . . . . . . . . . . . . 597.3.4 VM Isolation . . . . . . . . . . . . . . . . . . . . . 59

Contents xiii

7.3.5 Confidentiality . . . . . . . . . . . . . . . . . . . . 607.3.6 Secure VM Migration . . . . . . . . . . . . . . . . 60

7.4 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 617.5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 63Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

8 Paper B:Securely Launching Virtual Machines on TrustworthyPlatforms in a Public Cloud 698.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 718.2 Scenario and Threats . . . . . . . . . . . . . . . . . . . . . 72

8.2.1 Scenario . . . . . . . . . . . . . . . . . . . . . . . . 728.2.2 Threats . . . . . . . . . . . . . . . . . . . . . . . . 73

8.3 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 748.4 Cloud Platform Security Architecture . . . . . . . . . . . 76

8.4.1 Cloud Platform Architecture . . . . . . . . . . . . 768.4.2 Platform Credentials . . . . . . . . . . . . . . . . . 788.4.3 Platform Secure Boot . . . . . . . . . . . . . . . . 79

8.5 Secure VM Launch Protocol . . . . . . . . . . . . . . . . . 798.5.1 Connect and Discovery . . . . . . . . . . . . . . . . 818.5.2 Platform Integrity-Verification . . . . . . . . . . . 818.5.3 VM Launch . . . . . . . . . . . . . . . . . . . . . . 82

8.6 Implementation . . . . . . . . . . . . . . . . . . . . . . . . 838.6.1 User-Provider Client . . . . . . . . . . . . . . . . . 848.6.2 Procurement Server . . . . . . . . . . . . . . . . . 848.6.3 Cloud Platform: Management Agent . . . . . . . . 85

8.7 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . 868.7.1 Authentication . . . . . . . . . . . . . . . . . . . . 878.7.2 Confidentiality . . . . . . . . . . . . . . . . . . . . 888.7.3 Integrity . . . . . . . . . . . . . . . . . . . . . . . . 888.7.4 Non-Repudiation . . . . . . . . . . . . . . . . . . . 898.7.5 Replay Protection . . . . . . . . . . . . . . . . . . 89

8.8 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 89Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

9 Paper C:Security and Trust Preserving VM Migrations in PublicClouds 959.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 97

xiv Contents

9.2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . 989.2.1 VM Migration . . . . . . . . . . . . . . . . . . . . 99

9.3 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . 1009.4 Attack Model and Security Requirements . . . . . . . . . 102

9.4.1 Attack Model . . . . . . . . . . . . . . . . . . . . . 1029.4.2 Requirements Analysis . . . . . . . . . . . . . . . . 103

9.5 Proposed Trusted VM Migration . . . . . . . . . . . . . . 1049.5.1 Platform Trust Certification . . . . . . . . . . . . . 1059.5.2 VM Migration Protocol . . . . . . . . . . . . . . . 109

9.6 Requirements Review . . . . . . . . . . . . . . . . . . . . 1129.7 Conclusion and Future Work . . . . . . . . . . . . . . . . 113Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

10 Paper D:Protecting Private Data in the Cloud 11910.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 12110.2 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 122

10.2.1 Resources . . . . . . . . . . . . . . . . . . . . . . . 12310.2.2 Software Probes . . . . . . . . . . . . . . . . . . . 12310.2.3 Procurement . . . . . . . . . . . . . . . . . . . . . 12410.2.4 Resource and Policy Description File . . . . . . . . 12410.2.5 VM Launch . . . . . . . . . . . . . . . . . . . . . . 12510.2.6 Probe Inlining . . . . . . . . . . . . . . . . . . . . 126

10.3 Implementation . . . . . . . . . . . . . . . . . . . . . . . . 12710.3.1 Base System . . . . . . . . . . . . . . . . . . . . . 12710.3.2 Launch Manager . . . . . . . . . . . . . . . . . . . 12710.3.3 Binary Code Inliner . . . . . . . . . . . . . . . . . 128

10.4 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . 12910.4.1 Locking out the provider with TC . . . . . . . . . 12910.4.2 Locking out the client . . . . . . . . . . . . . . . . 131

10.5 Related Work and Contributions . . . . . . . . . . . . . . 13210.5.1 Related Work . . . . . . . . . . . . . . . . . . . . . 13210.5.2 Contribution . . . . . . . . . . . . . . . . . . . . . 133

Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

I

Thesis

1

Chapter 1

Introduction

Traditionally, enterprises and organizations procure physical hardwareresources to set up their IT infrastructure. However, the availability ofmulti-core, high performance computing platforms together with the ad-vancements in virtualization technologies and high-speed data networkshave created new possibilities of resource procurement usually known ascloud services. Buying a cloud service can be a quicker, more dynamicand cost effective way to run an IT service compared to using own hard-ware. Costs can also be saved due to less administration as well asenergy savings. Well established cloud service categories are Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) which are sometimes commonly called SPI service mod-els [1]1. A cloud service is not only limited to SPI service models ratherAnything-as-a-Sevice (XaaS) can be offered, for example, Storage-as-a-Service, Database-as-a-Service, Security-as-a-Service, etc. We focus onsecurity and trust related aspects in an Infrastructure-as-a-Service (IaaS)service delivery model in which a cloud service provider (CSP ) uses plat-form virtualization by means of a hypervisor (e.g. XEN) to create andrun multiple virtual instances called Virtual Machines (VMs) for manyclients on a single physical machine. The use of virtualization and itsability to create multiple VMs of different specifications (attached mem-ory, storage and processing power etc.) on a single powerful physicalmachine allows maximum utilization of that machine by providing theservice (a VM in IaaS case) to many cloud users simultaneously.

1SPI models are described in Chapter. 2 (Section. 2.2.1)

3

4 Chapter 1. Introduction

Many possible cloud deployment models exist depending upon thenature and requirements of the cloud users. Well know examples arePrivate, Public and Hybrid clouds. A private cloud is usually deployedby the enterprise on premise and its services are provisioned to the userswho belong to the same enterprise. On the other hand, in a publiccloud model, an independent Cloud Service Provider (CSP) provisionsservices to any individual, organization or enterprise. The hybrid cloudmodel integrates both public and private cloud models. The main ad-vantage of using a public cloud over a private cloud is the ability forthe cloud user to lease and release computing services dynamically androbustly on-demand without worrying about the up-front capital expen-diture (CAPEX).

Although using public cloud services can bring many business bene-fits, it also raises various security concerns for a security sensitive user.Allowing user VM to be hosted on any platform without verifying itsintegrity can expose user confidential data, e.g. if the platform is vul-nerable or malicious. Existing cloud models only rely on contractualassurances in Service Level Agreements (SLAs) without providing anytechnological mechanism for the cloud user to verify the integrity of theremote cloud platform to enable user trust in the offered service beforeusing it. This lack of trust is one of the main reasons for not adoptingpublic cloud services by many potential users [2].

1.1 Contributions

In this thesis we address some security issues and risks in cloud com-puting. In particular, we are considering public cloud services offeredaccording to the IaaS model through virtualized computing resources.We identity the security threats in IaaS clouds that arise due to the dis-tributed nature of cloud infrastructure and undermine user trust. Ourproposed solutions in form of protocols and service deployment modelsenable user trust in the cloud services. Our suggested solutions are builtupon Trusted Computing mechanisms and utilize standard hardwaresecurity features offered by a Trusted Platform Module (TPM)2. Thefeasibility of our new concept and protocols has been verified through aprototype implementation.

The main contributions of this thesis are the following.

2See Chapter. 2 for an overview of Trusted Computing and TPMs.

1.1 Contributions 5

1. Security Requirements Analysis of IaaS Public CloudsWe make threats analysis of virtual machine provisioning in IaaSclouds. Considering these threats, we define security requirementsfor trustworthy public IaaS clouds. The analyses provide us withinsight on several unsolved security research issues as well as afoundation for our further research. The threats analysis resultswere published in ECIW’113.

2. Secure VM launchWe propose mechanisms that allows the cloud user to remotely ver-ify the security properties of the offered cloud service platform ofthe provider. Our proposed solution addresses trust building mea-sures for the initial launch of the user VM on the provider infras-tructure. We also provide a prototype implementation of the pro-posed mechanisms. This work has been published in CLOSER’124

conference which covered various aspects of cloud computing in-cluding security.

3. Secure VM migrationsWe present design principles and mechanisms to allow user VMs tomigrate across cloud platforms according to user specified securitypolicies on the host platform configurations. Our suggested proto-col enforces these policies on platform level preventing migration tountrusted/miss-configured host platforms. The proposed VM mi-gration solution complements and extends our earlier launch proto-col and makes the suggested trust model and protocols applicableto a large set of IaaS usage scenarios. The secure VM migrationresults was published in TrustCOM’125.

The contributions mentioned above only present the security require-ments which are important for increasing user trust in the public clouds.The cloud community (e.g. Cloud Security Alliance [3]) is working toenumerate a complete set of cloud security requirements to cover themanagement, administrative, legal and technical aspects. The focus andscope of this thesis is limited to the transparent handling of the userVM in public IaaS clouds. We consider the VM life cycle and providesolutions for the initial phases of VM life cycle, such as VM launch and

3http://academic-conferences.org/eciw/eciw2011/eciw11-home.htm4http://closer.scitevents.org/?y=20125http://www.scim.brad.ac.uk/~hmibrahi/TrustCom2012/

6 Chapter 1. Introduction

migration. Our contributions provide first steps in designing trustworthycloud services. However, there are many other security requirements inthe later stages of VM life cycle (i.e. VM operation, VM management)that must be fulfilled to make the public cloud models trustworthy forboth stakeholders, the user and provider. Some of the well known se-curity requirements include the protection of provider resources againstmalicious users (e.g. spammers), protection of user data against illegalretention by the provider, protection of one user VM from the other (i.e.strong isolation), etc. We assume that our contributions, as presented inthis thesis, can remove the first barrier in convincing the potential cloudusers to send their data in the public clouds.

1.2 Thesis Outline

The outline of the thesis is as follows. In Chapter 2 we present thebackground of the technologies used in this thesis which describes virtu-alization, cloud computing and trusted computing. Chapter 3 presentsthe security aspects of cloud computing, especially the need for trans-parent and trustworthy cloud services before giving an overview of oursolutions in Chapter 4. In Chapter 5 we present conclusions and futurework. We present technical overviews of the papers that we include inthis thesis in Chapter 6. These papers are presented in Chapters 7 - 10.

Chapter 2

Background

In this chapter, we introduce the concepts which are fundamental forbetter understanding of the problems we focus on (see Chapter 3), andtheir solutions we propose in this thesis (see Chapter 4). We start withan introduction to virtualization which is the underlying technology toprovide the dynamicity and flexibility to the cloud services. We presentan abstract overview of the cloud computing, its stakeholders and com-mon cloud service delivery models. Finally, we provide an overview ofTrusted Computing concepts (Section 2.3.1) which are fundamental inour proposed solutions.

2.1 Virtualization

Virtualization has been in use for many decades in different forms andat different layers. For example, it has been used to create sandbox en-vironments (at the application layer) and by the operating systems toshare system resources (e.g. memory, CPU, etc) between different pro-cesses. With the advancement of hardware capabilities which providepowerful multi-core, high performance computing platforms, there is apotential to fully utilize these hardware capabilities. This has been ad-dressed recently by using the virtualization techniques such as systemvirtualization which allows multiple Virtual Machines (VMs) to run ona single physical platform. Each VM has a full software stack (includingOS) and it runs in parallel to other VMs but each VM is like a physicallyseparated real machine. The virtualization layer that runs and separates

7

8 Chapter 2. Background

different VMs is called a hypervisor. A hypervisor runs in the most priv-ileged mode in a system and has full control over vital system resources.There are different hypervisors implementations like XEN [4], KVM [5]and VMware [6] each allowing multiple user VMs.

The solutions we provide are independent of the hypervisor usedfor platform virtualization. However, we prefer using a thin hypervisor(i.e. small in footprint) so that its small code base could be verifiedeasily and limits the areas of attack. This is usually achieved by directlyrunning the hypervisor over the hardware without loading any operatingsystem before hypervisor (unlike KVM which runs as a process in theLinux OS), and also by excluding management tasks from the hypervisorimplementation. The hypervisors like VMware and XEN follow thisarchitecture. Since the XEN hypervisor is open source and better suitsour requirements, we use it in our prototype implementations. However,our solutions can be adapted easily for any other virtualization solution.A brief introduction of XEN hypervisor is given in the following section.

2.1.1 The XEN Hypervisor

The XEN hypervisor runs directly over computer hardware allowing it torun many instances of operating systems concurrently called Guest Oper-ating Systems (GuestOSs). XEN is supported on a variety of platformslike x86, Itanium, Power PC and ARM processors and can run vari-ous operating systems (Linux, Solaris, Windows, etc) simultaneously asGuestOS [4]. A XEN-virtualized platform has the following three maincomponents as shown in Figure. 2.1.

1. The XEN hypervisor which runs directly over the hardware andprovides interface for all hardware accesses.

2. The Domain 0 referred to as Dom0 which is launched by the XENhypervisor at the time of system startup. The Dom0 has privilegedaccess to all system resources and is responsible for managing otheruser domains (e.g. start, stop, etc.)

3. The Domain User referred to as DomU operates independentlyon the system but is managed by Dom0. The DomU can runany supported operating system either unmodified leveraging vir-tualization hardware extensions (Intel VT, AMD-V) or by doingspecial modifications to the guest operating system to allow par-avitualization.

2.2 Cloud Computing 9

Figure 2.1: Architecture of a Virtualized Platform using XEN Hypervisor

2.2 Cloud Computing

A cloud is a pool of virtualized resources available over the Internet. Vir-tualization allows to configure the computing resources dynamically forthe client which can then be leased following the pay-per-use paymentmodel. Other than dynamicity and elasticity provided by virtualization,there are many other characteristics of the cloud computing which aredefined in various definitions available today. One of the most compre-hensive definitions is provided by The National Institute of Standardsand Technology (NIST) [1] which states that:

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable com-puting resources (e.g., networks, servers, storage, applica-tions, and services) that can be rapidly provisioned and re-leased with minimal management effort or service providerinteraction.”


Benefit Description

Flexibility The underlying virtualization technologies allowcloud users to request for the exact amount of re-quired resources (e.g. a VM with quad-core pro-cessing and 8GB memory etc.)

Scalability The service can be leased/released dynamically ondemand

No upfront invest-ment (CAPEX)

The cloud service can be leased dynamically whichmeans that CAPEX costs to start/expand thebusiness can be reduced a lot

Less operating costs(OPEX)

The physical cloud platforms which are used forthe provisioned service are managed by the CSPwhich saves many operational expenses for thecloud user business

Ubiquitous access The cloud services are usually web bases whichallows them to be accessed from variety of devicese.g. laptops, mobile devices, etc.

Table 2.1: Benefits of using cloud based services

The characteristics like elasticity, rapid provisioning, minimal man-agement effort, etc. promise many business benefits which are instru-mental in the recent surge towards the demand for using cloud services(see Section. 2.2.1). On the other hand, there are still many unresolvedsecurity issues (See Chapter. 3) which must be addressed before a largemajority of security sensitive users can consider using the cloud servicesto get various benefits listed in Table 2.1.

2.2.1 Service Models

The cloud computing aims at providing different IT services (e.g. stor-age, database, applications, VM, etc.) over the Internet so that the userdoes not worry about establishing and managing the underlying infras-tructure. Numerous types of such cloud services have emerged in therecent years. In the following sections, we present a brief summary ofthe well known categories usually referred to as SPI service models [1]followed by a more detailed use case of the IaaS model that we considerin this thesis.


Software-as-a-Service: Software-as-a-Service cloud model refers tothe provisioning of any useful application/software over the Internet.There are many SaaS offerings to date, e.g. Google provides office suitein the form of Google Docs [7]. Similarly, SAP provides many busi-ness process applications in their cloud solutions [8]. Other SaaS cloudproviders are Rackspace [9], Salesforce [10] etc.

Platform-as-a-Service: Platform-as-a-Service cloud model refers tothe provisioning of provider managed platforms which provide devel-opment frameworks for the cloud users. The operating system andthe required development environment is setup and managed by thecloud provider. The cloud user builds up his/her applications usingsuch platforms. Examples of PaaS providers include Microsoft WindowsAzure [11], Google App Engine [12] and Force.com [10].

Infrastructure-as-a-Service: Infrastructure-as-a-Service cloud modelrefers to the provisioning of the computing resources (e.g. CPU, memory,storage, etc.) that are used to create a user Virtual Machine (VM) whichbelongs to the cloud user and runs just like a physical machine. In anIaaS model, the cloud user takes the responsibility of managing his/herVM by installing the desired operating system and other softwares. Someexamples of IaaS providers are Amazon EC2 [13], GoGrid [14] and Flex-iScale [15].

Our Use Case: In this thesis, we consider a use case in which theCloud Service Provider (CSP) sells its computing resources, self-ownedor leased from a third party called an infrastructure provider, to theusers (or clients) according to an IaaS model (see Figure. 2.2). There areusually two or sometimes three main entities with respect to their rolesas defined in Table 2.2. However, many other business models also existwhich can have even more entities (e.g. Amazon Simple Storage Service(Amazon S31) offers cloud storage in large quantities called buckets whichare used by other storage service providers like Dropbox2 to offer servicesto the end-users).

In the IaaS model, the provider uses virtualization to allocate plat-form resources (e.g. CPU, memory, etc.) to the user according to his/her

1http://aws.amazon.com/s3/2https://www.dropbox.com/help/7/en


Figure 2.2: Infrastructure-as-a-Service (IaaS) Cloud Model

needs. Using these resources, the user can create an instance of his/hervirtual machine. The use of virtualization allows multiple users to runtheir VMs on a single physical platform. According to the existing cloudinfrastructures, the process of creating user VM involves three mainsteps. These include 1) the service request which is done by visitingthe provider portal/website, 2) the service select i.e. selecting the re-quired configuration (number of required CPU cores, required memoryand storage etc.), and 3) the service start which creates and starts theuser VM in the provider network. There are also other intermediatesteps like payment, VM image transfer/selection etc. In this thesis, weanalyze this process with respect to security and focus on the the lim-itation that the user is forced to trust the cloud provider that his/herVM will only be hosted on secure platforms during its life time. Weaddress this limitation and extend the existing process of VM life cyclemanagement by embedding digital trust (see Section. 2.3) into it whichpromises better security guarantees for the user.

2.2.2 Deployment Models

Different motivations to use/provide cloud services result in differentcloud deployment models. For example, an organization may be inter-ested in setting up a local cloud called Private Cloud, for better resourceutilization, and hence deliver IT services (XaaS) to various departments


Entity Role Example

InfrastructureProvider

Manage physical cloud plat-forms

Datacenters

Cloud Ser-vice Provider(CSP)

Rent resources from one ormany infrastructure providersto render IT services (SaaS,P aaS, IaaS) to the end user

Amazon Inc., GoogleInc., Microsoft Cor-poration

Cloud User orClient

lease or release IT services dy-namically on-demand from aCSP for own business opera-tions

An individual or abusiness like webhosting company etc.

Table 2.2: Stakeholders in a typical cloud model

(e.g. human resource, finance, etc.). On the other hand, a new/smallcompany might not want to invest heavily on procuring computing re-sources for its required IT services, rather prefer to lease the required ITservices from a third party cloud provider called a Public Cloud provider.Both models have their pros and cons which makes room for a HybridCloud which tries to maximize the benefits of both models and explorepossibilities to minimize the disadvantages of either model (public andprivate). However, selecting the right balance in utilizing a private orpublic resource remains an administrative and management challenge inhybrid clouds. We consider the security perspective of the public cloudswhich promise most business benefits but need better security solutionsto fulfill the requirements of many security sensitive users.

Public Clouds - The Security Perspective

The emergence of cloud computing has brought many benefits for both,the user and provider of the service. A large majority of normal IT users(e.g. home users) is already using one or more public cloud services atvery less cost3 (e.g. storage, email, etc.). However, many organizationsand businesses despite recognizing many business benefits promised bythe public clouds, hesitate in using public cloud services due to their se-curity concerns. Some companies tend to setup their own private cloudfor better internal resource utilization, and also to make their exist-

3Sometimes these services are available for free with some usage limitations


ing infrastructures cloud-compatible for any possible future migration tothe public clouds. However, large scale migration to public clouds bysuch organizations can only be made possible after the public clouds areequipped with the required security mechanisms. The goal of this re-search is to make public clouds secure enough such that they meet thesecurity requirements of both, the normal and security sensitive users.

2.3 Introducing Digital Trust

Trust4 plays an important role in a stable and long lasting business re-lationship. In the information technology field, the definition of trust isnot only limited to social aspects which strengthen it, for example, one-to-one relationship, the past experiences of both parties etc. Instead, theclient using a service remotely also needs mechanisms for security assess-ment of the underlying infrastructure. These mechanisms can be imple-mented using the technological advances and hence pave way for enablingdigital trust. The initiative to realize this digital trust was taken in 1999by a consortium called Trusted Computing Platform Alliance (TCPA).The TCPA consortium, initially having five members5, is succeeded byTrusted Computing Group (TCG) which has over 190 members to date.The distributed architecture of cloud computing, which is also a reasonfor lack of user trust in the cloud services, makes good use case andpotential area for trusted computing to strengthen user trust.

2.3.1 The Trusted Computing Group (TCG)

The Trusted Computing Group (TCG) is a non-profit, industry-standardsorganization6 with the mission of proposing specifications and technol-ogy for trusted computing platforms. A trusted computing platform isembedded with a tamper-resistant security chip called the Trusted Plat-form Module (TPM) which implements the most important TCG spec-ification [16]. The TCG proposed mechanisms can be used for:

• the security of information assets by using securely stored crypto-graphic keys in the TPM’s ’Protected Storage’.

4firm belief in the reliability, truth, or ability of someone or something (Oxford

Dictionary)5Compaq, HP, IBM, Intel, Microsoft6http://www.trustedcomputinggroup.org/about_tcg

2.3 Introducing Digital Trust 15

• securely storing the current platform state in TPM’s PlatformConfiguration Registers (PCR). The platform state can later bereported to a remote client for the platform integrity verificationthrough a process called Remote Attestation.

2.3.2 Trusted Platform Module (TPM)

The TCG defined Trusted Platform Module specifications can be imple-mented in hardware or software but hardware based TPM is consideredmore secure. The TPM is a fundamental security building block in theTCG architecture and therefore its components must function as in-tended. This can be ensured by following good engineering practices,manufacturing process and industry reviews. The main components ofa TPM are shown in Figure 2.3.

Figure 2.3: TPM Component Architecture

2.3.3 TPM - Key Management

The TCG proposed security and trust enhancing mechanisms are basedupon various protocols and principles supported by TPM. One of themain capabilities of the TPM is to provide data protection using varioustypes of TPM keys. TPM supports secure ways for its key managementwhich includes the following:

Key Creation: Asymmetric keys of various sizes and attributes can


be created using TPM_CreateWrapKey command [17] which uses randomnumber generator in the TPM.

Key Storage: Some root keys are stored in the TPM non-volatile stor-age (NV-storage) but that storage is not sufficient for all TPM keys;therefore other keys are usually stored out of TPM in a Key Cache afterin-chip encryption called key wrapping with one of the TPM-residentroot key (e.g. Storage Root Key)

Key Usage: A TPM key can only be used if it is already loaded inthe TPM. In order to use a wrapped key (which is stored out of theTPM), it is first decrypted with its root key and then loaded for therequired cryptographic operation.

A TPM supports many cryptographic operations such as encryp-tion/decryption, signing, reporting platform state, etc. As a basic secu-rity principle, different types of keys are used for different purposes forwhich the TCG classifies TPM keys into following 7 categories. Thesekeys make a key hierarchy as shown in Figure 2.4.

Figure 2.4: TPM Key Hierarchy


1. Endorsement Key (EK): Every TPM has a unique asymmetric keypair called Endorsement Key (EK). The EK is a non-migratable key,that is, its private part never leaves the TPM. The EK is usually gen-erated by the TPM manufacturer and should ideally be supplementedwith a certificate called Endorsement Credential that is stored in theTPM NV-storage. The EK is never used for encryption/decryption orsigning purposes rather its use is limited to only two tasks. First, toget the platform ownership which is a process of generating a StorageRoot Key (SRK) and is only possible with owner’s physical presence.Second, the EK is used in the protocol for platform identity registrationwith the Privacy-CA (PCA) who certifies the Attestation Identity Keys(AIK) discussed below.

2. Storage Keys: These are asymmetric keys used for storing other keysor data securely external to TPM. The ’Storage Root Key (SRK)’ isan important non-migratable storage key which is the root of all TPMprotected keys, that is, every TPM key is wrapped (encrypted) with theSRK before it is stored out of TPM. As stated earlier, SRK is generatedwhen the TPM ownership is taken.

3. Signing Keys: These are asymmetric keys which can only be used forsigning application data or messages.

4. Binding Keys: The bind keys are used to encrypt (or bind) smallamount of data (e.g. a symmetric key) on one platform and decrypt (orunbind) it on a remote platform.

5. Identity Keys: These are non-migratable keys and are also called At-testation Identity keys (AIK). These are exclusively used for signingTPM data like PCR register values. An AIK signed message also ac-companies an AIK certificate which is issued by a mutually trusted CAand certifies that the AIK is a non-migratable TPM key.

6. Authentication Keys: These are symmetric keys which are used tosecure communication channel with TPM.

7. Legacy Keys: These are legacy system keys which are created out ofTPM and then imported in the TPM for signing or encryption opera-tions.

2.3.4 TPM Message Protection

In this section, we first introduce the TPM supported operations formessage protection and later give a brief introduction of technique weused in our solutions for intended purpose. The TCG classifies TPMprotected messages in to the following four categories [18]:


1. Binding/Unbinding: The TCG notion of binding actually refers tothe encryption of a message using a public key whose correspondingprivate key is stored in the recipient’s TPM (usually in key cache).The platform with TPM unbinds (decrypts) the received message usingTPM_UnBind command after loading the private key in the TPM. It isnoteworthy here that the TPM does not have any command to do bind-ing which means that encryption is always performed out of TPM. Thebinding opertion is either performed by using the TCG Service ProviderInterface (TSPI) which is a part of TCG Software Stack (TSS) or by

any other available cryptographic library (e.g. JavaTM

CryptographicExtension7, OpenSSL8, etc.).

2. Signing: Signing is also a traditional cryptographic operation to en-sure the integrity and authenticity of the message. The TPM supportsTPM_Sign command that uses a signing key to return the required digitalsignature. The receipient of the message can use standard signature ver-ification process to verify the authenticity and integrity of the receivedmessage.

3. Sealing/Unsealing: Sealing is similar to binding in terms of encryp-tion but it also includes platform configuration which must be satisfiedto be able to unseal the message. Since sealing is a TPM operationtherefore for performance reasons usually small data like a symmetrickey is sealed/unsealed. Hence, in order to seal large amount of datait is first encrypted using a symmetric key which is then sealed (en-crypted) using a non-migratable asymmetric key by also providing theplatform configuration (PCR values). The platform can only unseal(decrypt) the message if it has the corresponding private key and alsothe platform configuration matches the values specified in the messagesealing. Two important points must be remembered while using theseal/unseal operation. First, in the seal operation any platform config-uration can be specified, current or future, which is must for unsealingthe data successfully; this implies that the platform is not required tobe in the trusted state when sealing is done. However, the TPM_Seal

command also includes the current platform state which is returned byTPM_UnSeal command and may, or may not, be of the user’s interest.Second, the seal and unseal operations must be performed on the sameplatform. This limitation restricts remote users to seal their data to thedestination platform.

7www.docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.

html8http://www.openssl.org/docs/crypto/rsa.html


4. Sealed-Signing: The sealed-signing combines the effects of both op-erations by including the PCR values in computing the digest to sign.This feature can be used to inspect the sender’s platform configurationat the time of message signing.

2.3.5 Sealing Data Remotely

As highlighted earlier, the seal and unseal operations must be performedon the same platform which means that a remote party cannot benefitfrom the protections provided by the seal operation. However, in dis-tributed systems such as clouds where the remote user owns the resource(a VM) which is managed by another entity, it can be very useful to sealuser data remotely to the correct platform in trusted state. This re-quirement also applies to a cloud user who wants his/her VM to runonly on known, trusted cloud platforms. We achieve the properties ofseal operation in our solutions described in Chapter 4 by using a TPMkey (we call it, bind key) which is locked to PCRs. We create this keywith TPM_CreateWrapKey command which allows to specify the requiredplatform state (represented by PCRs) to use that key. The public part ofthis key is then sent to the cloud user who can use the public bind key toencrypt the VM (by encrypting the symmetric key used to encrypt theuser VM). Since the private bind key is only available to the intendedplatform in correct configuration, the user VM is considered sealed tothat platform.

Chapter 3

Security Critical Areas inCloud Computing

There are many security critical areas in the cloud environments rangingfrom technical aspects (e.g. identity and access management, virtualiza-tion etc.) to the non-technical aspects (e.g. governance, compliance, au-dit). These security aspects are throughly discussed by Cloud SecurityAlliance (CSA)1 in a comprehensive security guidance document [19].A high priority list is compiled in another complementary document byCSA called the top threats to cloud security [20]. While CSA researchcovers all cloud environments, a more specific survey for IaaS cloud se-curity is done by Vaquero et al. in [21], which analyzes various existingsolutions with respect to the threats identified by CSA.

The existing body of research on cloud security, including the afore-mentioned research, identifies many cloud security risks. However, thefocus of this thesis is to make cloud services trustworthy for which trans-parency and security assessment are vital. These requirements are specif-ically mentioned by Security-as-a-Service working group2 in their reportwhich defines various categories of Security-as-a-Service (SecaaS) [22].The purpose of identifying SecaaS categories is to allow cloud users toevaluate the cloud service security to better decide whether the in placesecurity mechanisms meet user needs or not. The SecaaS defined cat-

1https://cloudsecurityalliance.org/2https://cloudsecurityalliance.org/research/secaas/

21

22 Chapter 3. Security Critical Areas in Cloud Computing

egories provide good basis to evaluate the security of a SaaS, PaaS orIaas cloud delivery model. Since we are focusing on an IaaS model, theIaaS only categories are highlighted (shown bold-faced) in Table.3.1. Allfive IaaS categories are considered in our solutions where ever they areapplicable (e.g. using gateways, VM encryption, etc.). However, ourresearch focus and provided solutions are closely related to the SecurityAssessment (category#5), which is elaborated in the following section.

Category Core Functionalities (listed for IaaSonly)

1: Identity and Access Manage-ment

Not applicable to IaaS (SaaS, PaaSonly)

2: Data Loss Prevention Not applicable to IaaS (SaaS, PaaSonly)

3: Web Security Not applicable to IaaS (Saas, PaaSonly)

4: Email Security Not applicable to IaaS (SaaS only)

5: Security Assessments Analyzing platform integrity, vulnera-bility testing and security/risk rating

6: Intrusion Management Providing physical security, Data traf-fic inspection

7: Security Information andEvent Management (SIEM)

Not applicable to IaaS (SaaS, PaaSonly)

8: Encryption Data protection at rest and in motion

9: Business Continuity andDisaster Recovery

Data and infrastructure replication, ge-ographically distributed infrastructure

10: Network Security Authentication and Access controls,DoS protection, security gateways

Table 3.1: CSA Defined Categories for Security-as-a-Service

3.1 Security Assessment of the Host Plat-

form

The core functionalities for the security assessment of the host plat-form include analyzing platform integrity, performing vulnerability test-ing and providing security and risk rating to the platforms. The security

3.2 Conclusion 23

assessment is generally considered to be done by third-party audits. Al-lowing a cloud user to do the security assessment of the cloud platformprior to the use of service, can help reinstate user trust in the offeredcloud service. Our solutions provide such mechanisms to the cloud user.The security of the host platform can be assessed by considering two as-pects - 1) the Physical Security and 2) Platform Integrity. These aspectsare discussed in the following sections.

3.1.1 Physical Security

The physical security comes under the intrusion management category(see Table.3.1) which is the responsibility of the CSP (or infrastructureprovider) who manages the datacenters. The existing methods for physi-cal intrusion detection, prevention and response are mature and reliable.These include hiring professional security staff, utilizing video surveil-lance, biometrics etc. The authorized staff is usually required to passtwo-factor authentication to access datacenter floors and all their ac-cesses are logged and audited [23]. All these security mechanisms makeit very difficult for an attacker to perform any physical attack (e.g. coldboot) on the the cloud platforms.

3.1.2 Platform Integrity

Securing host platforms against physical attacks is possible but still theoverall platform security depends upon its integrity which is measuredfrom its software configuration. The platform’s software configurationis represented by the software stack which is the list of every loadedsoftware component in the platform bootstrapping. The knowledge ofloaded software components in a platform is important for its vulnera-bility analysis, integrity verification and assigning it any security or riskrating. These tasks can be performed remotely by leveraging trustedcomputing which features secure boot for securely recording boot pro-cess, and supports secure protocols for remote integrity verification calledremote attestation.

3.2 Conclusion

As stated earlier, the physical security of the host platform can easilybe ensured. However, for overall platform security we must ensure the

24 Chapter 3. Security Critical Areas in Cloud Computing

integrity of the platform which is managed by the platform administra-tors. The role of platform administrators is to keep the platform secureand available for the required services for which may update platformconfiguration without needing any physical access. While providing ad-min rights to the management personnel is indispensable, a maliciousemployee can misuse his/her access rights to change the platform config-uration which could expose the platform to various vulnerabilities. Dueto such possibilities, a remote platform user always has fears of breachof his/her confidential data. However, if users are allowed to assess theplatform configuration themselves or by a trusted third party on theirbehalf, the user trust can be revived. We discuss such potential threatsand mechanisms to mitigate them in our solutions provided in Chap-ters 7-10.

Chapter 4

Our Solutions for Secureand Trustworthy CloudServices

In this chapter we discuss our followed research method in Section 4.1followed by our solutions that promise to secure the cloud services withparticular focus on making the cloud services transparent and trust-worthy. This chapter only summarizes the main contributions leavingfurther details for the second part of this document which elaborates ourcontributions in Chapter 7, 8, 9 and 10. Before presenting our solutions,first we describe the research method followed in this work.

4.1 Research Method

We adopted Constructive Research method [24] where the key idea isthe construction, which is based on the existing knowledge used in novelways, with possibly adding a few missing links. This means that theconstructive research is a hybrid of traditional scientific research withrespect to learning existing systems, and follows engineering researchin creating new artifacts. Following the constructive research hybridscheme, we used scientific research methods to study the current state-of-the-art, whereas the engineering research methods were used to produce

25

26 Chapter 4. Our Solutions for Secure Cloud Services

new results (i.e. models and protocols) based on the existing knowledgebase.

Our research goal, i.e. to enable user trust in the remote virtualizedplatforms (e.g. cloud), is derived and motivated by the industrial de-mand of investigating new service delivery models to get the potentialbenefits from new technological advances. Keeping the research goal inmind, we started with collecting the relevant knowledge by reading thespecifications, white papers, tutorials etc. The next step was to studythe current state-of-the-art and explore research problems in our researchdomain. This was done by following the scientific research methods ofliterature review which included peer reviewed academic and researchpublications indexed by publishers like IEEE1, Springer2, ACM3, etc. Theinitial outcome, i.e. our peer reviewed security requirements publication(See Chapter. 7), gave us an insight to the initial set of problems forfurther research.

The problems identified in the initial review were further exploredwith the objective of providing their solutions which are our main re-search contributions. We iteratively applied scientific research methodsto investigate each problem, which allowed us to refine and focus on aparticular research problem (e.g. VM launch, VM migration). The en-gineering research methods were used to provide the solutions for eachidentified problem, with the objective of using existing mechanisms andproviding novel extensions where required. As an outcome of the fol-lowed engineering process, we provided new models, protocols and aprototype that extends existing body of research. We analyzed our so-lutions using logical argumentation and reasoning approach to discusstheir security effectiveness. This is done by providing the security anal-ysis of the proposed solutions. Our solutions presented in this thesiscontribute towards the research goal of enabling user trust in the publicclouds.

1http://www.ieee.org/index.html2http://www.springer.com/3http://www.acm.org/

4.2 Security Analysis for Virtual Platform Provisioning 27

4.2 Security Analysis for Virtual Platform

Provisioning

We consider the generic model of provisioning virtual resources to theusers with the aim of analyzing and suggesting security requirements ofthe users.In our security analysis we assume an enterprise/organization(e.g. a telecommunication operator) to be the user of virtual resourceswho has very high security expectations from the service provider. Onthe other hand, the provider of the virtual resources can also have fearsabout misusing of their provisioned resources. The focus of our secu-rity analysis is to identify threats and list various security requirementsfrom both stakeholders’ perspective. We give a brief overview of our per-formed security analysis whereas the details can be found in Chapter 7.

4.2.1 Threats

In a virtual resource provisioning model both entities are vulnerable tovarious threats from the other party. We list major threats which areanalyzed to define the security requirements of both stakeholders:

• The attacker4 installs malicious code on the physical host or in theuser VM

• The host platform is badly configured by the provider which makesit vulnerable to various known attacks

• The provider accesses confidential run-time or configuration datafrom the user VM

• The user (i.e. owner of the VM) repudiates VM launch process

• The user attacks other user VMs running in parallel to affect theirfunctionality

• The user tries to get confidential data from other user VMs

• The attacker impersonates a legitimate provider or user

4The virtual resource provider or user


4.2.2 Security Requirements

The major security requirements derived from the analyzed threats arelisted below which are described in detail in Chapter 7.

• All communication between the user client and the entities in theprovider network (provider management machines, user VM, etc.)must be secured after mutual authentication.

• The user must have mechanisms (e.g. secure protocols) to remotelyverify the authenticity and integrity of the physical platform pro-visioned to host the user VM.

• The hypervisor which provides the isolation between different userVMs must be small to minimize vulnerabilities and to realize pos-sibilities of certifying it.

• The user VM must be allowed to migrate to other physical plat-forms without compromising the security of the running VM.

4.2.3 Summary

We considered various threats and requirements which included manyconventional security requirements tailored for our specific use case. Wealso identified security areas which need proper mechanisms and solu-tions to strengthen trust in the remotely provisioned virtualized services.While the conventional security requirements could be addressed by ex-isting standard security mechanisms, the security requirements for trustenhancing seem to be more challenging and interesting. The results fromour security analysis provide open research questions for further researchas described in the following sections.

4.3 Secure Virtual Machine Launch and Man-

agement Mechanism

In the virtual resource provisioning which corresponds to Infrastructure-as-a-Service cloud provisioning model, the first VM life cycle step isthe secure launching of user VM in the provider network. The threatsidentified in Section 4.2.1 and the the security requirements analyzed inSection 4.2.2 demand for a secure VM launch mechanism which could

4.3 Secure Virtual Machine Launch and ManagementMechanism 29

also allow the user to validate the security guarantees promised by theprovider. The possibility to validate the contractual guarantees duringthe VM launch process increases user trust in using the service. Wepropose and implements such mechanisms in a protocol that leveragesTrusted Computing techniques to fulfill user requirements. The proposedVM launch protocol is briefly described in the following section while thedetails can be found in Chapter 8.

4.3.1 VM launch

The design principles of the launch protocol rely on Trusted Comput-ing mechanisms like secure boot,sealing and remote attestation; there-fore, the host platform is first configured (see Section 8.4) to use theseTPM operations. The actual launch protocol has three main phases.In the first phase, the user client establishes a secure channel with theprovider network and gets various details of the destination platform likeits integrity state, user access policy, licensing information, Service LevelAgreements (SLAs), etc. The security profile of the platform which isdependent upon its integrity state is validated by the user client in thesecond phase of the protocol using remote attestation techniques. Fi-nally, in the third stage, the user client encrypts the VM image with aTPM key which is only available a) on the same validated platform, b)in the same attested state. The sealing of user VM to the attested plat-form ensures that the VM launch cannot be diverted to a compromisedor malicious platform.

4.3.2 VM Management

Once the VM is securely launched, the user needs to communicate withits VM whereas the provider needs a console to manage the platform.The user client-VM communication can be done using any existing re-mote platform management tool (e.g. SSH). On the other hand, theprovider management tasks are directed towards the management VM(in Dom0) for operations such as enabling or disabling resource usagemetering, modifying licensing policy, etc. These provider managementoperations are further described in Chapter 10.


4.3.3 Implementation

We implement the VM launch protocol and also the tools for managingthat VM after the launch. The launch protocol is focused on provid-ing security guarantees to the user that the host platform is trustwor-thy. On the other hand, the management tools allow the provider withmechanisms to transparently enforce usage/licensing policies on the userVM. However, the mechanisms for policy enforcement, such as insertingsoftware probes, is not part of this thesis contributions. The runningprototype of the VM launch and management mechanisms implementsentities like Privacy CA for platform identity registration and Procure-ment Server for resource allocation for VM launch. We provide a briefoverview of the following two main entities.

1. User/Provider Client: The client console runs in either of launchor management mode. Typically, the launch mode is only used bythe user for initiating his/her VM launch request. The user client inlaunch mode runs procurement, attestation and actual VM launchsteps to securely launch his/her VM on the procured platform. Theclient console in management mode allows cloud user to performVM operations like pause, resume, shutdown, etc. while allowingthe provider to enforce usage or licensing policies. The allowed op-erations for the clients are determined at the host platform by thePolicy Manager (See Section. 8.4.1) according to the connectingclient’s role (i.e. user or provider) as specified in his/her certificate.

2. Host Platform: The host platform (e.g the cloud platform inan IaaS cloud provisioning) runs the TCG Software Stack (TSS)which is used by our Management Agent to perform TPM oper-ations needed in the launch protocol. The management agent isimplemented and deployed at application layer in the ManagementVM (i.e. dom0). The management agent handles communica-tion with the clients and runs launch and management protocolsusing functionalities exposed by four components, namely Com-partment Manager, Integrity Manager, Credentials Manager andPolicy Manager. The details and working of these components aregiven in Section. 8.4.1.

4.4 Secure Virtual Machine Migration Mechanism 31

4.4 Secure Virtual Machine Migration Mech-anism

VM migration is an important VM management operation performed bythe provider in various circumstances. However, the secure VM launchsolution referred in Section 4.3.1, proposes sealing of the user VM to aspecific platform. As a consequence, the user VM cannot be migratedeven on legitimate cloud platforms. The main objective of secure VM mi-gration solution is to allow the provider to legitimately migrate user VMto other platforms without compromising on the security requirementslaid down for our previous solutions. Hence, we propose a VM migrationsolution which is secure, flexible, transparent and scalable. The detailsof our proposed migration mechanism are presented in Chapter 9. Weprovide a brief summary of the solution in the following sections.

4.4.1 Concepts

PTAA

In our VM migration solution we introduce an independent and trustedentity called Platform Trust Assurance Authority (PTAA). The PTAAis assumed to be a team/organization of computer security experts whoperform security analysis (e.g. penetration testing, vulnerability analy-sis, etc.) of different software components (e.g. an OS and its versions,applications) and define their security impact on the overall system. Us-ing the rating of each component in a system, the overall rating for thesystem is defined which is represented by a metric called Trust AssuranceLevel (TAL) which can be a numeric (e.g 1,2,3) or verbal(e.g. least, low,average, normal, high) value.

Trust_Token

The TAL-value assigned to a platform configuration must be communi-cated to the platform verifier with an assurance that the platform con-figuration has not been changed after getting a higher Trust AssuranceLevel. We achieve this by introducing a Trust_Token which ties theTAL-value with a TPM based, non-migratable, asymmetric key paircalled bind key that is only available to the PTAA certified platform


in the evaluated configuration (see next section). The Trust_Token alsocontains platform ID and the time when it is generated as shown below.

T T = SignP T AA[T TID, P LAT F ORMID, T AL − val, P KBIND, T ]

4.4.2 Platform Certification (Phase-I)

The platform certification phase is separated from actual VM migrationphase for performance and scalability reasons. The platform certificationis performed by the provider immediately after she sets up the platformfor provisioning. However, the certification process can be done any latertime as well, for example, after platform up gradation to achieve higherTrust Assurance Level. The outcome of the certification process is aTrust_Token that is received by the platform. The Trust_Token canlater be used in actual VM migration phase (see Section 4.4.3) withoutany need to involve the trusted third party, that is, PTAA.

4.4.3 VM Migration (Phase-II)

The significance of our migration scheme is the usage of security andtrust assuring bind key which is shared between the source and des-tination platforms by sharing each others Trust_Tokens. Other thansharing encryption keys, the Trust_Tokens also provides the TAL-valueof the destination platform which rates the trustworthiness of the plat-form. The user VM can only be migrated to the destination platform ifit satisfies a minimum threshold of the TAL-value specified by the userin its VM migration policy. If the destination platform is found “trust-worthy”, the VM is sent to the destination after encrypting it with thebind key. The bind key properties ensure that the VM can be decryptedat the destination platform if and only if it has the same configurationfor which it was assigned the TAL-value. Finally, after successful VMmigration the user gets a notification who can then optionally audit theintegrity of new VM destination (e.g. by sending a bind key encryptedchallenge to the platform)

4.4 Secure Virtual Machine Migration Mechanism 33

4.4.4 Conclusion

The proposed migration scheme tries to fix the loopholes which can beexploited by the malicious insiders to extract confidential data from userVMs. The scheme allows user to specify, ensure and audit that his/herVM will only be hosted on legitimate secure platforms during its life-time (i.e. initial launch, any subsequent migration). We consider dif-ferent aspects for a viable VM migration solution and define variousrequirements. The summary of these considerations, requirements andour proposed mechanisms is presented in Table 4.1

Consideration Requirement(s) Mechanisms

Security Protected in transit Strong TPM keys usedTrustworthy Desti-nation

VM sealed to secure configura-tion

Flexibility Easily migratablewithout compro-mising on Security

Trust_Token which can specifyuser acceptable threshold

Transparency Should be per-formed withoutuser involvementwithout compro-mising on security

Trusted Third Party - PTAAwho only tags the cloud plat-forms (i.e. their TAL)

Scalability Avoid single pointof failure

Migration Keys are local to plat-form - not stored centrally

Table 4.1: Important Features of our Proposed Secure VM MigrationSolution

Chapter 5

Conclusions

In this thesis we focused on the reasons (in Chapter. 3) for existing trustdeficit amongst the cloud stakeholders and provided their solutions (inChapter. 4). We addressed IaaS public clouds with specific focus on thesecurity issues in the initial phases of the VM life cycle, that is, VMlaunch and migration. In this chapter, we present a brief summary ofour work covered in this thesis, followed by the future work section whichpresents further tasks and research problems that we plan to follow.

5.1 Summary

This thesis addressed the public clouds and focused on their securityaspects, particularly the transparent provisioning of Infrastructure-as-a-service (IaaS). We identified reasons which question the trustworthinessof the cloud services and hinder many potential users to migrate fromself-hosted IT services to the cloud-hosted services despite many busi-ness benefits. From our security analysis we concluded that the exist-ing IaaS leasing mechanisms only provide contractual assurances to thecloud users through Service Level Agreements (SLAs) while leaving theverification of the compliance to the third party auditors. Although, theexisting mechanisms can allow auditors to detect reasons for any securitybreach (e.g. a cloud platform configuration does not match with the onementioned in the SLA), these audits are usually scheduled over a certainspan of time. As a result, any security breach due to non-compliancecannot be reversed which only leaves reactive measures for both stake-

35

36 Chapter 5. Conclusions

holders (e.g. settling issues in the courts). Hence, a security sensitiveuser usually do not take risk of sending his/her confidential data to thecloud in the very first place. We identified such user concerns in our se-curity analysis and highlighted various security requirements for a publicIaaS cloud model.

We proposed a secure VM launch solution which addresses the secu-rity requirements identified in our security requirements analysis. Theproposed secure VM launch solution uses trusted computing techniquesto allow the cloud users to validate security properties of the host cloudplatforms before using the cloud service. The verify before use approachintroduced in VM launch stage ensures that the user VM is only launchedon a trustworthy cloud platform.

In a cloud environment the virtual machines can migrate from onecloud platform to the other due to various management and administra-tive reasons. This means that the user does not only need assurancesof the platform security at VM launch stage, rather later stages of VMlife cycle also needs same protection against the threats identified in oursecurity requirements analysis. Hence, to ensure the overall security ofthe user VM, we proposed mechanisms for secure VM migration on thesame trust-enabling principles as used in the earlier VM launch solution.The extended approach used in the VM migration solution allows itseasy deployment in a large set of IaaS usage scenarios.

The security mechanisms used in our solutions included Trusted Com-puting techniques which are well defined in the specifications. However,the trusted computing APIs which can be used in any TPM-aware appli-cation or protocols (e.g. launch and migration) are still not available inany existing operating system distribution. Currently, the TCG APIs areonly available as Proof-of-Concept (PoC) implementations of the TCGSoftware Stack (TSS) such as TrouSerS1, jTSS2, TPM/J3, etc. whichare different research projects working on the practical deployment ofTCG based systems. Therefore, it is very important for any new appli-cation, architecture or solution that use the TCG mechanisms to providea PoC implementation (e.g. OpenPTS4). We also provided a provideda prototype implementation to prove the implementation feasibility ofour proposed mechanisms. Our prototype includes a trusted comput-

1http://trousers.sourceforge.net/2http://trustedjava.sourceforge.net/index.php?item=jtss/readme3http://projects.csail.mit.edu/tc/tpmj/4http://openpts.sourceforge.jp/

5.2 Future Work 37

ing platform with all required credentials (like Platform credential, AIKcredential, etc.), other software entities (client, controller, etc.) and ourproposed protocol implementations.

5.2 Future Work

In the future, we plan to use our results achieved so far and continueour research in improving, maturing and deploying our current secureVM life cycle management solutions. The first steps towards this direc-tion include integrating the VM launch and migration mechanisms anddeploying the solution in an open source cloud infrastructure like Open-Stack [25]. The efforts required for such integration include investigatingand realizing the Platform Trust Assurance Authority introduced in oursecure VM migration solution. The security assessment and rating of thecloud platforms done by the PTAA can be based upon the current state-of-the-art in vulnerability analysis with required extensions, as well asthe techniques used in current Intrusion Detection Systems (IDS). Alongwith complementing current solutions, we also plan to simultaneouslyexplore new research problems in the VM life cycle management suchas the secure solutions for license management in the virtualized/cloudenvironments.

Chapter 6

Overview of Papers

6.1 Paper A

Security Considerations for Virtual Platform Provisioning.Mudassar Aslam, Christian Gehrmann. In European Conference onInformation Warfare and Security ECIW-2011, 7-8 July 2011, Tallin,Estonia.

summary The concept of virtualization is not new but leveraging vir-tualization in different modes and at different layers has revolutionizedits usage scenarios. Virtualization can be applied at application layer tocreate sandbox environment, operating system layer to virtualize sharedsystem resources (e.g. memory, CPU), at platform level or in any otheruseful possible hybrid scheme. When virtualization is applied at platformlevel, the resulting virtualized platform can run multiple virtual machinesas if they were physically separated real machines. Provisioning virtu-alized platforms in this way is often also referred to as Infrastructure-as-a-Service or Platform-as-a-Service when full hosting and applicationsupport is also offered. Different business models, like data-centers ortelecommunication providers and operators, can get business benefits byusing platform virtualization due to the possibility of increased resourceutilization and reduced upfront infrastructure setup expenditures. Thisopportunity comes together with new security issues. An organizationthat runs services in form of virtual machine images on an offered plat-form needs security guarantees. In short, it wants evidence that the

39

40 Chapter 6. Overview of Papers

platforms it utilizes are trustworthy and that sensitive information isprotected. Even if this sounds natural and straight forward, few at-tempts have been made to analyze in details what these expectationsmeans from a security technology perspective in a realistic deploymentscenario. In this paper we present a telecommunication virtualized plat-form provisioning scenario with two major stakeholders, the operatorwho utilizes virtualized telecommunication platform resources and theservice provider, who offers such resources to operators. We make threatsanalysis for this scenario and derive major security requirements fromthe different stakeholders’ perspectives. Through investigating a partic-ular virtual machine provisioning use case, we take the first steps towardsa better understanding of the major security obstacles with respect toplatform service offerings. The last couple of years we have seen in-creased activities around security for clouds regarding different usageand business models. We contribute to this important area through athorough security analysis of a concrete deployment scenario. Finally,we use the security requirements derived through the analysis to makea comparison with contemporary related research and to identify futureresearch challenges in the area.

Contribution This paper provides a security analysis for a distributedsystem where virtual resources are provisioned to the remote users. Thepaper considers a more specific use case of IaaS cloud model and identi-fies various threats that undermine user trust in the cloud environments.The paper lists major security requirements of the stakeholders and alsorecommends a set of security mechanisms which are useful for establish-ing trust among cloud stakeholders.

My Contribution I did the major work presented in this paper. Theidea to write these research findings in a paper was mine. The paperwas completely written by me except some parts in the Introduction sec-tion which were contributed by my co-supervisor, Christian Gehrmann.Other than that, Christian also provided useful input to define the areaand improve paper quality.

6.2 Paper B 41

6.2 Paper B

Securely Launching Virtual Machines on Trustworthy Platforms in aPublic Cloud.Mudassar Aslam, Christian Gehrmann, Lars Rasmusson, Mats Björk-man. In 2nd International Conference on Cloud Computing and ServicesScience, CLOSER 2012, 18-21 April 2012, Porto, Portugal.

summary In this paper we consider the Infrastructure-as-a-Service(IaaS) cloud model which allows cloud users to run their own virtualmachines (VMs) on available cloud computing resources. IaaS gives en-terprises the possibility to outsource their process workloads with min-imal effort and expense. However, one major problem with existingapproaches of cloud leasing, is that the users can only get contractualguarantees regarding the integrity of the offered platforms. The fact thatthe IaaS user himself or herself cannot verify the provider promised cloudplatform integrity, is a security risk which threatens to prevent the IaaSbusiness in general. In this paper we address this issue and propose anovel secure VM launch protocol using Trusted Computing techniques.This protocol allows the cloud IaaS users to securely bind the VM toa trusted computer configuration such that the clear text VM only willrun on a platform that has been booted into a trustworthy state. Thiscapability builds user confidence and can serve as an important enablerfor creating trust in public clouds. We evaluate the feasibility of ourproposed protocol via a full scale system implementation and perform asystem security analysis.

Contribution The main contribution of this paper is a secure VMlaunch protocol which enables verifiable trust between the cloud userand provider. The proposed protocol leverages state-of-the-art hardwaresecurity features provided by trusted computing to provide security as-surances of the host platform to a remote party (i.e. cloud user). Theresearch presented in this paper also includes a running prototype ofthe proposed VM launch protocol which validates its implementationfeasibility.

My Contribution The paper was mainly motivated and written byme with some contributions from my co-supervisor, Christian Gehrmann.

42 Chapter 6. Overview of Papers

He also contributed to revise the launch protocol with his useful sugges-tions to make it comprehensive and secure. The research required tosetup a trusted computing platform as well as all the implementationeffort required to test a running prototype was done by me.

6.3 Paper C

Security and Trust Preserving VM Migrations in Public Clouds.Mudassar Aslam, Christian Gehrmann, Mats Björkman. In 2nd IEEEInternational Symposium on Trust and Security in Cloud Computing,part of IEEE TrustCom-12, 25-27 June 2012, Liverpool, UK.

summary In this paper we consider the security and trust implica-tions of virtual machine (VM) migration from one cloud platform tothe other in an Infrastructure-as-a-Service (IaaS) cloud service model.We show how to extend and complement previous Trusted Computingtechniques for secure VM launch to also cover the VM migration case.In particular, we propose a Trust_Token based VM migration protocolwhich guarantees that the user VM can only be migrated to a trustwor-thy cloud platform. Different from previous schemes, our solution is notdependent on an active (on-line) trusted third party. We show how ourproposed mechanisms fulfill major security and trust requirements forsecure VM migration in cloud environments.

Contribution The idea of labeling security profiles to the cloud plat-forms was not new. However, there was no practical mechanism ofsecurely implementing such profiles. We introduced a trust credentialcalled Trust_Token which is used to define and assign Trust AssuranceLevels to the cloud platforms. Based on this new credential we proposeda secure VM migration scheme which addresses one of the major securityconcerns of the cloud users.

My Contribution The requirement of secure VM migration was in-troduced by my co-supervisor, Christian Gehrmann. I did all literaturereview, requirements formulation and suggested the concepts introducedfor the solution. The migration protocol was proposed by me with somecorrective feedback from Christian. The idea to write this paper was

6.4 Paper D 43

mine and I wrote the complete paper which was refined by the usefulfeedback of my both supervisors, Christian and Mats.

6.4 Paper D

Protecting Private Data in the Cloud.Lars Rasmusson, Mudassar Aslam. In 2nd International Conferenceon Cloud Computing and Services Science, CLOSER 2012, 18-21 April2012, Porto, Portugal.

summary Companies that process business critical and secret data arereluctant to use utility and cloud computing for the risk that their datagets stolen by rogue system administrators at the hosting company. Wedescribe a system organization that prevents host administrators fromdirectly accessing or installing eavesdropping software on the machinethat holds the client’s valuable data. Clients are monitored via machinecode probes that are inlined into the clients’ programs at runtime. Thesystem enables the cloud provider to install and remove software probesinto the machine code without stopping the client’s program, and itprevents the provider from installing probes not granted by the client.

Contribution The main contributions of this paper is a novice wayof monitoring clients VMs by using binary translation framework. Themachine code probes are inserted to monitor the client VM only if theclient grants such monitoring. Hence, only legitimate and client allowedmonitoring of the client VM is possible which can build clients trust inthe public clouds.

My Contribution I contributed in proposing and implementing waysfor secure the mutually agreed policy for the user VM. Other than that,my main contribution was in the implementation of the VM managementmodule which was as extension to the VM launch module (See Chap-ter. 7). I also contributed in the integration of the Binary Code Inlinerwith the launch manager to realize a full working prototype supportingboth, secure VM launch and management.

Bibliography

[1] Peter Mell and Timothy Grance. The NIST Definition of CloudComputing (Draft). http://csrc.nist.gov/publications/

nistpubs/800-145/SP800-145.pdf, September 2011.

[2] CircleID. Survey: Cloud Computing ’No Hype’, But Fear of Secu-rity and Control Slowing Adoption. http://www.circleid.com/

posts/20090226_cloud_computing_hype_security/, 2009.

[3] http://www.cloudsecurityalliance.org, 2008.

[4] Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Har-ris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xenand the art of virtualization. SIGOPS Oper. Syst. Rev., 37:164–177,October 2003. http://doi.acm.org/10.1145/1165389.945462.

[5] Kernel Based Virtual Machine. http://www.linux-kvm.org/

page/Main_Page, 2011.

[6] VMware Inc., Virtualization Solutions. http://www.vmware.com/

virtualization/, 2011.

[7] Google Docs. http://www.docs.google.com/, 2012.

[8] SAP Cloud Solutions. http://www.sap.com/solutions/

technology/cloud/overview/solutions.epx, 2012.

[9] Rackspace Hosted Apps. http://www.rackspace.com/apps/,2012.

[10] SalesForce.com. http://www.force.com/, 2012.

[11] Windows Azure. http://www.windowsazure.com/en-us/, 2012.

45

46 Bibliography

[12] Google App Engine. https://developers.google.com/

appengine/, 2012.

[13] Amazon Elastic Compute Cloud (Amazon EC2). http://aws.

amazon.com/ec2/, 2012.

[14] GoGrid. http://www.gogrid.com/, 2012.

[15] FlexiScale Public Cloud. http://www.flexiscale.com/products/

flexiscale/, 2012.

[16] TPM Specification, TPM Main Part-I Design Principles.http://www.trustedcomputinggroup.org/resources/tpm_

main_specification, March 2011.

[17] TPM Specification, TPM Main Part-III Design Principles. http://

www.trustedcomputinggroup.org/resources, July 2007.

[18] TCG Specification Architecture Overview. http://www.

trustedcomputinggroup.org/resources, August 2007.

[19] Security guidance for critical areas of focus in cloud com-puting. http://www.cloudsecurityalliance.org/guidance/

csaguide.v2.1.pdf, 2009.

[20] Top Threats to Cloud Computing. Technical Report Version 1.0,Cloud Security Alliance, March 2010.

[21] Luis M. Vaquero, Luis Rodero-Merino, and Daniel Morán. Lockingthe sky: a survey on iaas cloud security. Computing, 91:93–118,January 2011.

[22] Cloud Security Alliance - Security as a Service Working Group.Defined Category of Services. https://cloudsecurityalliance.

org/wp-content/uploads/2011/09/SecaaS_V1_0.pdf, 2011.

[23] Amazon Web Services - Overview of Security Processes. http://

aws.amazon.com/security, 2011.

[24] Gordana Crnkovic. Constructive research and info-computationalknowledge generation. In Lorenzo Magnani, Walter Carnielli, andClaudio Pizzi, editors, Model-Based Reasoning in Science and Tech-nology, volume 314 of Studies in Computational Intelligence, pages

359–380. Springer Berlin Heidelberg, 2010. 10.1007/978-3-642-15223-8_20.

[25] Open Source Software for Building Private and Public Clouds.http://www.openstack.org/, 2012.

secure service provisioning in a public cloud

Documents