On Retaining Data Control to the Client in Infrastructure Clouds
Source | Journal of Information Systems Security, Volume 5, Number 4 (2009), Pages 27–46, ISSN 1551-0123 (Print), ISSN 1551-0808 (Online)
Authors | Marco Descher — Vorarlberg University of Applied Sciences, Austria; Philip Masser — Vorarlberg University of Applied Sciences, Austria; Thomas Feilhauer — Vorarlberg University of Applied Sciences, Austria; David Huemer — Vienna University of Technology, Austria; A Min Tjoa — Vienna University of Technology, Austria
Publisher | Information Institute Publishing, Washington DC, USA
Abstract
Cloud computing allows delivering information technology power on demand, be it the hosting of a certain web application or the outsourcing of an entire server or data center by means of virtualization. Applying these techniques, however, goes along with handing over the ultimate control of data to a third party. This paper investigates the application of Nimbus as a cloud resource and shows an example implementation for retaining data control with the user, based on virtual machine images encrypted on the client side. This means that the procedures involved in verifying validity and accessing the virtual machine are entirely provided by the cloud client. We provide a sample implementation of a secure virtual machine consisting of an encrypted partition, containing the data to be hosted, and a boot system, containing the logic to verify and access the encrypted partition. The details of the implementation are depicted, as applied on a cloud resource available within the AustrianGrid project.
Keywords
Cloud Computing, Privacy, Client Side Data Control, Secure Virtual Machine, Globus Nimbus