A thin client friendly trusted execution framework for infrastructure-as-a-service clouds

Abstract

Individuals and businesses are moving to cloud-based services, to benefit from their pay-as-you-go and elastic scalability features. The main concern to wide adoption of cloud-based services is the lack of protection of clients’ data and computation from the various outsider as well as insider attacks, which threaten to compromise client data confidentiality and integrity. Trusted computing provides a foundation for designing security services that are resilient to various threats and attacks in a distributed environment such as the cloud. Current trusted computing based solutions are ill-suited to the cloud as they inadvertently disclose too many details about the underlying infrastructure to clients and at the same time involve the complex task of attestation and verification on the client side. Additionally, direct verification of security properties of the cloud platform to each and every client introduces computational bottlenecks. In this work, we propose a scalable framework which enables verification of the properties of the cloud platform through a trusted third party without the direct involvement of the client. Our proposed framework is thin client (mobile device) friendly, as the client is alleviated of direct attestation and verification process. Performance analysis shows that the cost of our presented approach is lower in order of magnitude when compared with traditional trusted computing based solutions.