Providing User Security Guarantees in Public Infrastructure Clouds

Paladi, Nicolae and Gehrmann, Christian and Michalas, Antonis (2016) Providing User Security Guarantees in Public Infrastructure Clouds. IEEE Transactions on Cloud Computing, PP (99). ISSN 2168-7161

PDF (Preprint) - Accepted Version
Available under License Creative Commons Attribution.


Official URL:


The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants – insulated from the minutiae of hardware maintenance – rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organisations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Item Type:Article
ID Code:5990
Deposited By:Nicolae Paladi
Deposited On:01 Feb 2016 15:44
Last Modified:09 Aug 2016 14:00

Repository Staff Only: item control page