Trusted Virtual Infrastructure Bootstrapping for On Demand Services

Abstract

As cloud computing continues to gain traction, a great deal of effort is being expended in researching the most effective ways to build and manage secure and trustworthy clouds. Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of Cloud Infrastructure. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services. Although the first task is a traditional task in security engineering, dynamic provisioning of managed security services in virtualized environment remains a problem and requires additional research. Entire frameworks have been proposed and demonstrated but although successful, there is a tendency to see such solutions as integrated 'all in one' infrastructures. This paper describes a light-weight mechanism and protocol for building trust between two machines that takes advantage of the Trusted Platform Module (TPM) to handle a key exchange and remote trusted deployment of a bootstrapping tool (referred to as the Bootstrapping Initiator (BI)). Once deployed, the BI can execute any arbitrary software required which could be (but is not limited to) solutions for advanced architecture management such as the Dynamic Access Control Infrastructure (DACI). The proposed solution provides a light-weight layer of trust backed by a TPM that additional systems can build upon as required by the individual use case without the requirement for a specific management or security infrastructure to be deployed along with it.