TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds | IEEE Conference Publication | IEEE Xplore

Abstract:

Trust is of paramount concern for tenants deploying their security-sensitive services in the cloud. The integrity of the virtual machines (VMs) in which these services run must be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches to this challenge leverage trusted computing techniques, e.g., vTPM, or hardware CPU extensions, e.g., AMD SEV, but they are either vulnerable to such adversaries or provide only load-time (not runtime) integrity measurements of VMs. We propose TRIGLAV, a protocol that allows tenants to establish and maintain trust in the runtime integrity of a VM's software and its configuration. TRIGLAV is transparent to the VM configuration and setup. It performs an implicit attestation of the VM during a secure login and binds the VM's integrity state to the secure connection. Our prototype's evaluation shows that TRIGLAV is practical and incurs low performance overhead (< 6%).
Date of Conference: 05-10 September 2021
Date Added to IEEE Xplore: 08 November 2021
Conference Location: Chicago, IL, USA
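The abstract's central idea is that the VM's runtime integrity state is attested implicitly during login and bound to the secure connection, so a session only succeeds against a VM whose measured state the tenant accepts. The following is an added example illustrating that general pattern; it is not code from the paper and does not implement TRIGLAV's actual protocol, which this page does not describe. It uses the TPM-style pattern of folding an ordered measurement log into one integrity register, having the attester produce a quote over that register, a verifier nonce and a per-connection channel-binding value, and having the verifier reject the login when the state is unexpected, when the log does not reproduce the quoted register, or when the quote was produced for a different session. The file digests, the "handshake transcripts", the shared `ATTESTATION_KEY` (an HMAC key standing in for an asymmetric attestation key) and the `session_binding` helper are all assumptions constructed for the example.

```python
"""Toy runtime-integrity attestation bound to a login session.

Added illustration, NOT the TRIGLAV protocol from the paper. It shows the
generic pattern: replay a measurement log into a single integrity register,
have the attester quote that register together with a nonce and a value
derived from the secure connection, and let the verifier refuse the login
when the state is unexpected or the quote belongs to another session.
"""
import hashlib
import hmac
import secrets

# Assumption: a key shared between the attester (an agent or vTPM on the VM
# side) and the tenant's verifier. A real design would use an asymmetric
# attestation key whose public half the tenant has verified; HMAC keeps this
# example dependency-free. Constant is constructed for the example.
ATTESTATION_KEY = bytes.fromhex("00" * 31 + "01")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the new value depends on every earlier event in order."""
    return sha256(register + measurement)


def replay_log(log: list[tuple[str, str]]) -> bytes:
    """Fold an ordered list of (path, sha256 hex of content) into one register."""
    register = bytes(32)
    for path, digest in log:
        register = extend(register, sha256(path.encode() + bytes.fromhex(digest)))
    return register


def attest(log, nonce: bytes, channel_binding: bytes, key: bytes = ATTESTATION_KEY):
    """Attester side: quote = MAC over (integrity register, nonce, channel binding)."""
    register = replay_log(log)
    mac = hmac.new(key, register + nonce + channel_binding, hashlib.sha256).digest()
    return {"register": register, "mac": mac, "log": list(log)}


def verify(quote, nonce: bytes, channel_binding: bytes, allowlist, key: bytes = ATTESTATION_KEY):
    """Verifier side. Returns (accepted, reason)."""
    expected = hmac.new(key, quote["register"] + nonce + channel_binding, hashlib.sha256).digest()
    if not hmac.compare_digest(quote["mac"], expected):
        return False, "quote is not bound to this nonce and session"
    if replay_log(quote["log"]) != quote["register"]:
        return False, "event log does not reproduce the quoted register"
    for path, digest in quote["log"]:
        if allowlist.get(path) != digest:
            return False, f"unexpected measurement for {path}"
    return True, "ok"


def _h(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed reference measurements for files the tenant expects in the VM.
ALLOWLIST = {
    "/usr/sbin/sshd": _h(b"sshd build (constructed content)"),
    "/etc/ssh/sshd_config": _h(b"PermitRootLogin no\nPasswordAuthentication no\n"),
}
GOOD_LOG = [(p, ALLOWLIST[p]) for p in ("/usr/sbin/sshd", "/etc/ssh/sshd_config")]
# The same VM after someone with host-level access rewrote sshd_config at runtime.
TAMPERED_LOG = [GOOD_LOG[0], ("/etc/ssh/sshd_config", _h(b"PermitRootLogin yes\n"))]


def session_binding(session_transcript: bytes) -> bytes:
    """Stand-in for a value unique to one secure connection, e.g. a hash of the
    handshake transcript (SSH's session identifier plays this role). Constructed."""
    return sha256(b"channel-binding|" + session_transcript)


def demo():
    nonce = secrets.token_bytes(16)
    session_a = session_binding(b"handshake A (constructed)")
    session_b = session_binding(b"handshake B (constructed)")

    good = attest(GOOD_LOG, nonce, session_a)
    tampered = attest(TAMPERED_LOG, nonce, session_a)
    return {
        "good_vm": verify(good, nonce, session_a, ALLOWLIST),
        "tampered_vm": verify(tampered, nonce, session_a, ALLOWLIST),
        # A quote captured in session A and replayed into session B fails the
        # channel-binding check before the verifier even looks at the log.
        "relayed_quote": verify(good, nonce, session_b, ALLOWLIST),
        # A log edited after quoting cannot reproduce the quoted register.
        "forged_log": verify({**good, "log": TAMPERED_LOG}, nonce, session_a, ALLOWLIST),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:14} {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

The order of checks in `verify` matters: the channel binding and nonce are checked first, so a quote relayed from another connection or replayed from an earlier login is rejected without consulting the allow-list at all, and only a quote genuinely produced for this session is then compared against the tenant's expected measurements.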

I. Introduction

The cloud computing paradigm shifts responsibility for managing computing resources from application owners to cloud providers, allowing application owners (tenants) to focus on their business use cases instead of on hardware management and administration. However, trust is of paramount concern for tenants operating security-sensitive systems, because the software that manages the computing resources, together with its configuration and administration, remains outside their control. Tenants have to trust that the cloud provider, its employees, and the infrastructure protect the tenant's intellectual property as well as the confidentiality and integrity of the tenant's data. A malicious employee [1], or an adversary who obtains employee credentials [2], [3], might leverage administrator privileges to read confidential data by introspecting virtual machine (VM) memory [4], to tamper with computation by subverting the hypervisor [5], or to redirect the tenant to an arbitrary VM under her control by altering the network configuration [6]. We tackle the problem of how to establish trust in a VM executed in the cloud. Specifically, we focus on the integrity of legacy systems executed in a VM.
