Abstract
Virtualization and cloud computing can help an organization achieve significant datacenter savings in hardware costs, operational expenditures, and energy demands while achieving improvements in quality of service and business agility. The combination of a hardware based root of trust such as trust platform module (TPM) on virtual machine (VM) based system have being widely adopted. In this paper, combined with the trusted computing and cloud computing security, we establish a trust system with a certificate authority (CA) and trusted platform module (TPM). It takes the CA as the root of trust cloud computing platform. The servers use the TPM through the operations of acquisition, registration, certification for the certification and the operations of new construction, launch, running, transfer and maintenance for the virtual machine (VM). To implement the trusted ensure of the security, it designs the trusted module which take the TPM as the core, and develops the VM as a complete trust system with a measurement algorithm. It can be used into the VM authentication mechanism and the access user authentication mechanism of the VM.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Cheng, G., Jin, H., Zou, D., & Zhang, X. (2010). Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing. Concurrency and Computation: Practice and Experience, 22(13), 1893–1910.
Danev, B., Masti, R.J., Karame, G.O., & Capkun, S. (2011). Enabling secure vm-vtpm migration in private clouds. In Proceedings of the 27th Annual Computer Security Applications Conference ACM (pp. 187–196).
Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., & Lee, W. (2011). Virtuoso: Narrowing the semantic gap in virtual machine introspection. In Security and privacy (SP) 2011 IEEE Symposium on IEEE (pp. 297–312).
Haoyang, S., Dan, W., & Yifang, Z. (2012). A trust measurement model based on api calls. In Computer science & service system (CSSS) 2012 International Conference on IEEE (pp. 455–458).
Jaeger, T., Sailer, R., & Shankar, U. (2006). Prima: Policy-reduced integrity measurement architecture. In Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, USA, SACMAT ’06, pp 19–28.
Krautheim, F.J., Phatak, D.S., & Sherman, A.T. (2010). Introducing the trusted virtual environment module: a new mechanism for rooting trust in cloud computing. In Trust and Trustworthy Computing (pp. 211–227): Springer.
Lewko, A., & Waters, B. (2011). Decentralizing attribute-based encryption. In Advances in Cryptology–EUROCRYPT 2011 (pp. 568–588): Springer.
Li, J., Li, B., Wo, T., Hu, C., Huai, J., Liu, L., & Lam, K. (2012). Cyberguarder: a virtualization security assurance architecture for green cloud computing. Future Generation Computer Systems, 28(2), 379–390.
Li, M., Yu, S., Cao, N., & Lou, W. (2011). Authorized private keyword search over encrypted data in cloud computing. In Distributed Computing Systems (ICDCS), 2011 31st International Conference on, IEEE (pp. 383–392).
Qiu, M., Zhang, L., Ming, Z., Chen, Z., Qin, X., & Yang, L.T. (2013). Security-aware optimization for ubiquitous computing systems with seat graph approach. Journal of Computer and System Sciences, 79(5), 518–529.
Qiu, M., Chen, Z., Ming, Z., Qin, X., & Niu, J. (2014). Energy-aware data allocation with hybrid memory for mobile cloud systems. Systems Journal IEEE, 99, 1–10. doi:10.1109/JSYST.2014.2345733.
Ryan, M.D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263–2268.
Sailer, R., Zhang, X., Jaeger, T., & Van Doorn, L. (2004). Design and implementation of a tcg-based integrity measurement architecture. In USENIX Security symposium, (Vol. 13 pp. 223–238).
Santos, N., Gummadi, K.P., & Rodrigues R. (2009). Towards trusted cloud computing. In Proceedings of the 2009 conference on hot topics in cloud computing, San Diego,California (pp. 3–13).
Sidorov, V., & Ng, W.K. (2014). Model of an encrypted cloud relational database supporting complex predicates in where clause. In Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, IEEE (pp. 667–672).
Tseng, F.K., Chen, R.J., & Lin, B.S. (2013). ipeks: Fast and secure cloud data retrieval from the public-key encryption with keyword search. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, IEEE (pp. 452–458).
Wen, Y., Lee, J., Liu, Z., Zheng, Q., Shi, W., Xu, S., & Suh, T. (2013). Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment. In Proceedings of the ACM International Conference on Computing Frontiers, ACM (p. 25).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Yu, Z., Zhang, W. & Dai, H. A Trusted Architecture for Virtual Machines on Cloud Servers with Trusted Platform Module and Certificate Authority. J Sign Process Syst 86, 327–336 (2017). https://doi.org/10.1007/s11265-016-1130-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11265-016-1130-9