Conference paper Open Access

CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-based Environments

Larsen, B.; Bergsson, D.; Giannetsos, T.

While the rapid evolution of container-based virtualization technologies, emerging as an integral part of cloud-based environments, brings forth several new opportunities for enabling the provision of distributed, mixed-criticality services, it also raises significant concerns for their security, resilience, and configuration correctness. In this paper, we present CloudVaults for coping with these challenges: a multi-level security verification framework that supports trust aware service graph chains with variable evidence on the integrity assurance and correctness of the comprised containers. It is a rst step towards a new frontier of security mechanisms to enable the provision of Configuration Integrity Veri cation (CIV), during both load- and run-time, by providing ne-grained measurements in supporting container trust decisions, thus, allowing for a much more e active verification towards building a global picture of the entire service graph integrity. We additionally provide and benchmark an open-source implementation of the enhanced attestation schemes.

Files (723.8 kB)
Name Size
36-CloudVaults-Paper.pdf
md5:6d1127528f5fdcd8ec8ef6db64e3a305
723.8 kB Download
8
5
views
downloads
All versions This version
Views 88
Downloads 55
Data volume 3.6 MB3.6 MB
Unique views 88
Unique downloads 55

Share

Cite as