Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing

Authors

  • Ge Cheng,

    1. Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, People's Republic of China
    Search for more papers by this author
  • Hai Jin,

    Corresponding author
    1. Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, People's Republic of China
    • Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, People's Republic of China
    Search for more papers by this author
  • Deqing Zou,

    1. Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, People's Republic of China
    Search for more papers by this author
  • Xinwen Zhang

    1. Computer Science Lab, Samsung Information Systems America, San Jose, CA, U.S.A.
    Search for more papers by this author

Abstract

In the cloud computing infrastructure, there is an increasing demand to maintain and verify the integrity of software stacks running on remote systems and protect users' sensitive data. However, due to the fact that software stacks running on cloud platforms are usually provided and maintained by different authorities (or providers) who are potentially untrusting to each other, the problem of measuring and protecting runtime system integrity becomes very challenging and has not been well addressed yet. In this paper, we present an integrity measurement and protection architecture for software stacks running on a guest operating system (OS) of a virtualized platform in cloud environment. Our solution does not change the guest OS, and thus is transparent to the OS authority. Furthermore, our architecture ensures that sensitive information of users is protected once the integrity of software stacks is broken during runtime. We implement our solution on Xen, and present a simple prototype-based Nimbus. We demonstrate the capability of dynamically detecting the integrity change of programs in cloud computing, and our evaluation results show that the solution is effective for integrity protection with acceptable performance overhead. Copyright © 2010 John Wiley & Sons, Ltd.

Ancillary