DOI: 10.1145/2046582.2046586
research-article

RepCloud: achieving fine-grained cloud TCB attestation with reputation systems

Published: 17 October 2011

Abstract

Security concerns for emerging cloud computing models have become the focus of much research, but little of this targets the underlying infrastructure. Trusted Cloud proposals generally assert that the Trusted Computing Base (TCB) of the cloud should be clearly defined and attested to. However, specific characteristics of trust in the cloud make such solutions difficult to implement in an effective and practical way. We present RepCloud, a reputation system for managing decentralised attestation metrics in the cloud. We observe that, being deterministic and tamper-proof, trust evidence generated by the TCG framework can be efficiently transmitted within the cloud. In a web of nodes with high connectivity and mutual-attestation frequency, corrupted nodes can be identified effectively. By modelling this web with RepCloud, we achieved a fine-grained cloud TCB attestation scheme with high confidence for trust. Cloud users can determine the security properties of the exact nodes that may affect the genuine functionalities of their applications, without obtaining much internal information about the cloud. Experiments showed that, besides achieving fine-grained attestation, RepCloud still incurred lower trust management overhead than existing trusted cloud proposals.


    Published In

    STC '11: Proceedings of the sixth ACM workshop on Scalable trusted computing
    October 2011
    86 pages
    ISBN:9781450310017
    DOI:10.1145/2046582
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. remote attestation
    2. reputation system
    3. trusted cloud

    Qualifiers

    • Research-article

    Conference

    CCS'11

    Acceptance Rates

    Overall Acceptance Rate 17 of 31 submissions, 55%

    Cited By

    • (2024) Towards a Privacy-Preserving Attestation for Virtualized Networks. Computer Security – ESORICS 2023, pp. 351-370. DOI: 10.1007/978-3-031-51482-1_18. Online publication date: 11-Jan-2024
    • (2019) Trusted Cloud Computing Architectures for infrastructure as a service. Computers and Security 82:C, pp. 196-226. DOI: 10.1016/j.cose.2018.12.014. Online publication date: 1-May-2019
    • (2017) RepCloud: Attesting to Cloud Service Dependency. IEEE Transactions on Services Computing 10:5, pp. 675-688. DOI: 10.1109/TSC.2016.2558513. Online publication date: 1-Sep-2017
    • (2016) Breaking Down the Monarchy: Achieving Trustworthy and Open Cloud Ecosystem Governance with Separation-of-Powers. 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), pp. 505-512. DOI: 10.1109/CLOUD.2016.0073. Online publication date: Jun-2016
    • (2016) Realization of a data traceability and recovery service for a trusted authority service co-ordination within a Cloud environment. Soft Computing - A Fusion of Foundations, Methodologies and Applications 20:12, pp. 5039-5050. DOI: 10.1007/s00500-015-1792-4. Online publication date: 1-Dec-2016
    • (2015) On the feasibility of an open-implementation cloud infrastructure. Proceedings of the 8th International Conference on Utility and Cloud Computing, pp. 217-226. DOI: 10.5555/3233397.3233431. Online publication date: 7-Dec-2015
    • (2015) On the Feasibility of an Open-Implementation Cloud Infrastructure: A Game Theoretic Analysis. 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), pp. 217-226. DOI: 10.1109/UCC.2015.38. Online publication date: Dec-2015
    • (2015) Distributed Enforcement of Sticky Policies with Flexible Trust. Proceedings of the 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conf on Embedded Software and Systems, pp. 1202-1209. DOI: 10.1109/HPCC-CSS-ICESS.2015.235. Online publication date: 24-Aug-2015
    • (2014) Security Issues on Cloud Data Services. Bio-inspiring Cyber Security and Cloud Services: Trends and Innovations, pp. 497-517. DOI: 10.1007/978-3-662-43616-5_19. Online publication date: 27-Jun-2014
    • (2014) NeuronVisor. Revised Selected Papers of the 6th International Conference on Trusted Systems - Volume 9473, pp. 184-200. DOI: 10.1007/978-3-319-27998-5_12. Online publication date: 16-Dec-2014
