A Dynamic Integrity Transitivity Model for the Cloud

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2018)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11342)

Abstract

Using trusted computing technology to enhance the security of the cloud has become a hot research topic, and a large number of solutions have been proposed in recent years. However, all of these solutions focus on separating one Virtual Machine (VM) from the others, which is too strict for practical scenarios because it forbids communication between VMs. In this paper we propose a trust transitive model, named Dynamic Integrity Measurement Model (DIMM), for communication between two VMs, and then give an implementation of a DIMM prototype. When dataflow occurs between two VMs, DIMM keeps the system trustworthy by ensuring the integrity of the VMs and of the delivered message. We also demonstrate the effectiveness of the model through experiments.


Acknowledgments

This research was financially supported by the National Natural Science Foundation of China (Project 61572517) and the Science and Technology Plan Projects of Shenzhen (JCY2017302145623566).

Author information

Corresponding author

Correspondence to Rongyu He.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

He, R., Sun, H., Zhang, Y. (2018). A Dynamic Integrity Transitivity Model for the Cloud. In: Wang, G., Chen, J., Yang, L. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2018. Lecture Notes in Computer Science, vol 11342. Springer, Cham. https://doi.org/10.1007/978-3-030-05345-1_22

  • DOI: https://doi.org/10.1007/978-3-030-05345-1_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05344-4

  • Online ISBN: 978-3-030-05345-1

  • eBook Packages: Computer Science, Computer Science (R0)
