Abstract

Cloud security has become a vital issue across the thousands of interconnected servers in clouds, as malicious attacks or discovered vulnerabilities may spread more rapidly than ever. Based on the view that hardware is more secure and trustworthy, a Trusted Platform Module (TPM) is used as an external chip to ensure trust verification, but it is unsuitable for virtual machine (VM) migration, hybrid servers, and distributed storage, and it offers low performance. We therefore design a novel cloud architecture with a special physical server, named the trust verification server (TVS), that provides trust services according to the TPM specification, so that the servers in the cloud can use the TVS remotely as a high-performance TPM chip. In this paper, we design the TVS with accelerator hardware, upgrade the cloud architecture with an additional certificate authority (CA) server, and use the TVS with a non-interference trust measurement model. The experiments show that the TVS works efficiently, with performance improvements of more than 100 times compared with the use of a TPM in the cloud. This can be used to solve complex cloud security problems such as VM sprawl and VM escape.
