CloudVaults: integrating trust extensions into system integrity verification for cloud-based environments

Benjamin Larsen*, Heini Bergsson Debes, Thanassis Giannetsos

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

While the rapid evolution of container-based virtualization technologies, emerging as an integral part of cloud-based environments, brings forth several new opportunities for enabling the provision of distributed, mixed-criticality services, it also raises significant concerns for their security, resilience, and configuration correctness. In this paper, we present CloudVaults for coping with these challenges: a multi-level security verification framework that supports trust-aware service graph chains with verifiable evidence on the integrity assurance and correctness of the comprised containers. It is a first step towards a new frontier of security mechanisms to enable the provision of Configuration Integrity Verification (CIV), during both load- and run-time, by providing fine-grained measurements in supporting container trust decisions, thus allowing for a much more effective verification towards building a global picture of the entire service graph integrity. We additionally provide and benchmark an open-source implementation of the enhanced attestation schemes.

Original language: English
Title of host publication: Computer Security
Publisher: Springer
Publication date: 2020
Pages: 197-220
ISBN (Print): 978-3-030-66503-6
Publication status: Published - 2020
Event: European Symposium on Research in Computer Security - Guildford, United Kingdom
Duration: 14 Sept 2020 to 18 Sept 2020

Conference

Conference: European Symposium on Research in Computer Security
Country/Territory: United Kingdom
City: Guildford
Period: 14/09/2020 to 18/09/2020
Series: Lecture Notes in Computer Science
Volume: 12580
ISSN: 0302-9743

Keywords

  • Cloud-based environments
  • Container-based microservices
  • Configuration integrity verification
  • Privacy-oriented attestation
