SODA

Trust but Verify - Trust Establishment Mechanisms in Infrastructure Clouds

Paladi, Nicolae (2017) Trust but Verify - Trust Establishment Mechanisms in Infrastructure Clouds. Doctoral thesis, Lund University.

[img]
Preview
PDF (PhD Thesis) - Published Version
Available under License Creative Commons Attribution.

2380Kb

Official URL: http://portal.research.lu.se/portal/en/publication...

Abstract

The past two decades have witnessed a transformation of the status and role of comput- ing: from a commodity supporting essential societal functions to a utility permeating all aspects of daily life. This transformation was accompanied by the emergence of so- called cloud computing – a service model that made computation infrastructure reliable, scalable and easily accessible. Increasingly, cloud computing displays the characterist- ics common to utility services, such as: necessity, reliability, usability, low utilization rates, scalability and (in some cases) service exclusivity. In the cloud computing service model, users consume computation resources provided through the Internet, often without any awareness of the cloud service provider that owns and operates the supporting hardware infrastructure. This marks an important change compared to earlier models of computation, for example when such supporting hardware infrastructure was under the control of the user. Given the ever increasing importance of computing, the shift to cloud computing introduces several challenging issues, which include ensuring the integrity and confidentiality of the computation itself, along with integrity and confidentiality of ancillary resources such as network commu- nication and the stored or produced data. While the potential risks for data isolation and confidentiality in cloud infrastructure are somewhat known, they are obscured by the convenience of the service model and claimed trustworthiness of cloud service providers, backed by reputation and contractual agreements. Ongoing research on cloud infrastructure has the potential to strengthen the security guarantees of computation, data and communication for users of cloud computing. This thesis is part of such research efforts, focusing on assessing the trust- worthiness of components of the cloud network infrastructure and cloud computing infrastructure and controlling access to data and network resources. The seven papers included in this thesis present a collection of contributions address- ing select aspects of the focus areas above. The contributions include mechanisms to verify or enforce security in cloud infrastructure. Such mechanisms have the potential to both help cloud service providers strengthen the security of their deployments, and empower users to obtain guarantees regarding security aspects of service level agree- ments. By leveraging functionality of components such as the Trusted Platform Module, we describe mechanisms to provide user guarantees regarding integrity of the comput- ing environment and geographic location of plaintext data, as well as to allow users maintain control over the cryptographic keys for integrity and confidentiality protec- tion of data stored in remote infrastructure. Next, by leveraging recent innovations for platform security such as Software Guard Extensions, we describe mechanisms to verify the integrity of the network infrastructure in the Software-Defined Networking model. Finally, we propose an innovative scheme for access control of resources in Software-Defined Networking deployments.

Item Type:Thesis (Doctoral)
Uncontrolled Keywords:cloud computing infrastructure, security, trust, virtualization, software-defined networking
ID Code:6204
Deposited By:Nicolae Paladi
Deposited On:01 Feb 2018 10:45
Last Modified:01 Feb 2018 10:45

Repository Staff Only: item control page