Abstract

Cloud computing is broadly recognized as one of major factors in achieving more flexible, scalable, and efficient systems. However, as customers lose the direct control of their data and applications hosted by cloud providers, the trustworthiness of cloud services is a main issue that hinders the deployment of cloud applications. In this paper, we propose an audit-based trustworthiness verification scheme to detect compromises on physical servers in cloud services. First, we propose a novel and efficient model to monitor the trustworthiness of a public cloud by a TTP-based private cloud. Then, we propose a dynamic and flexible remote attestation method to verify the chain of trust, which use a key management mechanism for audit and verification protocols. At the same time, the audit-based trustworthiness verification scheme uses a small private cloud to audit large clouds, which can effectively avoid the introduced TTP becoming a bottleneck. We have implemented a prototype system, and evaluated it with several common benchmarks to demonstrate its efficiency. Our experimental results show that the proposed framework is effective in detecting compromise and adds little overhead to a common IaaS cloud environment.

Paper Details