Cloud Computing: Security and Trusted Platform Analysis

Verified

Added on 2023/01/23

AI Summary

This report delves into the critical aspects of cloud computing security, focusing on the challenges of maintaining data confidentiality and integrity within Infrastructure as a Service (IaaS) environments. It examines the limitations of current cloud computing services in providing verifiable security and proposes the design of a trusted cloud computing platform (TCCP) to address these issues. The report details how TCCP enables IaaS providers, such as Amazon EC2, to offer a closed-box execution environment, ensuring the confidential execution of guest virtual machines. It emphasizes the importance of remote attestation, allowing users to assess the security of the IaaS provider before launching virtual machines. The discussion covers various software engineering methodologies and technologies, including Trusted Platform Modules (TPM) and trusted virtual machine monitors (TVMM), to secure the platform's integrity. The report also highlights the architecture of TCCP, including a trusted coordinator and TVMM, to prevent unauthorized access and modification of virtual machines. Finally, the paper provides a comprehensive analysis of cloud computing security, covering the design, implementation, and evaluation of a TCCP prototype.

Running head: SOFTWARE ENGINEERING METHODOLOGY
SOFTWARE ENGINEERING METHODOLOGY
Name of Student
Name of University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1SOFTWARE ENGINEERING METHODOLOGY
Introduction
This particular article discusses regarding the infrastructure of cloud computing, this
infrastructure enables companies to reduce the costs. This is done by outsourcing the
computations that are in demand [1]. Clients of various services of cloud computing do not have
methods to verify confidentiality as well as integrity of the data as well as computation.
Companies are allowed to reduce the IT costs with the help of offloading computation and data
to the services in cloud computing. Inspite of this, the organizations implement cloud computing
services due to the outstanding concerns of security [3]. The most serious concerns include the
possibility of the violation of confidentiality. Accidentally or maliciously the employees of cloud
providers might tamper with the data of the company. Some actions might harm the finance or
reputation of the company. For maintaining confidentiality, the customers of cloud services
might carry out encryption [6]. Encryption is helpful for the purpose of securing information
even before the data has been stored by the provider. This service could not be applied in cases
where information needs to be computed because the data that has not been encrypted data
should reside within the host’s memory that runs the computation.
Discussion
Various myriads of various cloud providers provide services at numerous layers
belonging to the stack of software. In the lower layers, the Infrastructure as a Service providers
like Amazon, GoGrid and Flexiscale allow various customers for gaining access to the overall
virtual machines that is hosted by various providers [2]. A customer as well as user of a
particular system provides the complete stack of software that runs within a virtual machine. At a

2SOFTWARE ENGINEERING METHODOLOGY
high layer, the Software as a Service like Google Apps provide applications that are available
online and could be directly executed by the users [5]. The main issue in guaranteeing privacy of
the computations is increased for the services that are present in the higher layers of software
stack. This is because the services provide as well as runs the software which manipulates the
data of customers directly [4]. This particular assignment focuses on lower layers where securing
the virtual machine of a customer is manageable.
A sysadmin of cloud providers that are given the privileged control on the blackened
might perpetrate numerous attacks for accessing the memory of the virtual machine of the
customer [7]. With the root privileges in every machine, the sysadmin would be able to install as
well as execute all the types of software for performing any attack. In case Xen is utilized in the
backend, it allows a particular sysadmin to run a particular user level processes in Dom () which
would access the content of the memory of VM at the run time directly [10]. In case physical
access of machine is provide, sysadmin would be allowed to perform various sophisticated
attacks such as cold boot attacks and then tamper them with the use of hardware [8]. In present
providers of IaaS, the users are allowed to consider that no one accumulates the entire set of
privileges. Besides this, the providers deploy a stringent security device, surveillance machine
and restricted policies of access control for protecting the hardware’s physical integrity [9].
Hence it has been assumed in this paper that enforcing a particular security perimeter, the
provider could prevent the attacks that need physical access to various machines.
Trusted computing group had proposed a specific set of hardware as well as software
technologies for enabling construction of various trusted platforms module (TPM) chip, this chip
has now been bundled along with commodity hardware [1]. This TPM has a particular
endorsement private key which identifies TPM along with the functions of cryptography which

3SOFTWARE ENGINEERING METHODOLOGY
can never be modified. The manufacturers sign a specific corresponding public key for
guaranteeing the correctness of the chip as well as validity of a specific key. Various trusted
platforms sometimes leverage various features of the TPM chips for enabling the remote
attestation. The mechanisms work using various strategies [2]. During the boot time, host helps
in computing a specific measurement list which includes a particular sequence of hashes of the
software that are involved in complete sequence of boot. The ML is usually stored in the TMP of
host. In order to asset to the platform, a particular party that is remote in nature challenges the
platform that runs in the host along with nonce [3]. The platform then asks the TCM in creating a
particular message that contains both ML as well as nu, which is encrypted with the private EK
of TPM. The message is sent back by the host to remote part, this remote party has the ability to
decrypt the message using the public key of EK, this helps in authenticating the host. Hence the
TCCP requires providing a particular remote attestation which guarantees the ability to immute
of the security properties of the platform.
A particular trusted platform such as Terra deals with implementing a thin VMM which
enforces a particular execution environment which is similar to a closed box. This presents the
fact that the guest VM that runs on top could not be modified or spected by any user that is
completely privileged on the host [4]. The VMM provides guarantee of its integrity till the
machine reboots. Hence the remote party would be able to attest the platform that is running at
the host and ensures that the computation running in a guest virtual machine is completely
secured.
This paper presents a particular cloud computing platform (TCCP) which provides an
execution environment that is closed box in nature. This sort of environment is provided by
extending overall concept of the trusted platform to a complete IaaS [5]. The TCCP enhances the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4SOFTWARE ENGINEERING METHODOLOGY
back ends of IaaS in order to enable the closed box semantics without any sustainability that
would be responsible in changing the architecture. The computing baase of TCCP that is mostly
trusted includes two parts; these parts are a trusted coordinator and a trusted virtual machine
monitor [10]. Every node of the backend executes a TVMM which hosts the virtual machine of
the customers. They also help in preventing privileged users from modifying or specting them in
any way. The TVMM aims in protecting its integrity over time [8]. It also complied with the
protocols of TCCP. Nodes are responsible for embedding certified the TPM chip and it should go
through a particular secured boot process for the purpose of installing the TVMM.
Conclusion
This particular paper argues regarding the concerns of integrity and confidentiality of
data. In this case the computation as well as data are major parts for the enterprise looking for the
purpose of embracing cloud computing. This paper presents the specific design of a particular
platform for cloud computing which is mostly trusted and which enables the IaaS services like
Amazon EC2 for providing an execution environment that is the nature of closed box. TCCP
provides execution of the guest virtual machines in confidential manner, it allows the users to
attest to IaaS providers and then determine in the services are secured before they have even
launched the virtual machines. Various researches had implemented a completely functional
prototype that is based on the design that has been discussed in this paper; hence they have
evaluated its overall performance in the upcoming future.

5SOFTWARE ENGINEERING METHODOLOGY
References
[1] J., Aikat, A., Akella, J.S., Chase, A., Juels, M., Reiter, T., Ristenpart, V. Sekar, and M.,
Swift. Rethinking security in the era of cloud computing. IEEE Security & Privacy. 2017
[2] S., Berger, K., Goldman, D., Pendarakis, D., Safford, E. Valdez and M., Zohar, March.
Scalable attestation: A step toward secure and trusted clouds. In 2015 IEEE International
Conference on Cloud Engineering (pp. 185-194). IEEE. 2015
[3] S. Narula and A., Jain, February. Cloud computing security: Amazon web service. In 2015
Fifth International Conference on Advanced Computing & Communication Technologies (pp.
501-505). IEEE. 2015
[4] J., Wang, X., Li, J., Chen, J. Zhao and J., Shen. Towards achieving flexible and verifiable
search for outsourced database in cloud computing. Future Generation Computer Systems, 67,
pp.266-275. 2017
[5] A., Maarouf, A. Marzouk, and A., Haqiq, March. Towards a trusted third party based on
multi-agent systems for automatic control of the quality of service contract in the cloud
computing. In 2015 International Conference on Electrical and Information Technologies
(ICEIT) (pp. 311-315). IEEE. 2015
[6] Z., Liu, Y., Li, J., Huang, X. Cheng, and C., Shen. DivORAM: Towards a practical oblivious
RAM with variable block size. Information Sciences, 447, pp.1-11.
Adjei, J.K., 2015. Explaining the role of trust in cloud computing services. info, 17(1), pp.54-67.
2018

6SOFTWARE ENGINEERING METHODOLOGY
[7] M.H., Ghahramani, M. Zhou, and C.T., Hon. Toward cloud computing QoS architecture:
Analysis of cloud systems and cloud services. IEEE/CAA Journal of Automatica Sinica, 4(1),
pp.6-18. 2017
[8] N., Santos, K.P. Gummadi, and R., Rodrigues. Towards Trusted Cloud
Computing. HotCloud, 9(9), p.3. 2009
[9] A., Botta, W., De Donato, V. Persico, and A., Pescapé. Integration of cloud computing and
internet of things: a survey. Future generation computer systems, 56, pp.684-700. 2016
[10] M.A., Khan. A survey of security issues for cloud computing. Journal of network and
computer applications, 71, pp.11-29. 2016