Research Article
Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing
Article first published online: 24 JUN 2010
DOI: 10.1002/cpe.1614
Copyright © 2010 John Wiley & Sons, Ltd.
Issue
Concurrency and Computation: Practice and Experience
Special Issue: Advanced Topics on Scalable Computing
Volume 22, Issue 13, pages 1893–1910, 10 September 2010
Additional Information
How to Cite
Cheng, G., Jin, H., Zou, D. and Zhang, X. (2010), Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing. Concurrency Computat.: Pract. Exper., 22: 1893–1910. doi: 10.1002/cpe.1614
Publication History
- Issue published online: 12 AUG 2010
- Article first published online: 24 JUN 2010
- Manuscript Accepted: 18 APR 2010
- Manuscript Revised: 17 APR 2010
- Manuscript Received: 9 DEC 2009
Funded by
- National Basic Research Program of China. Grant Number: 2007CB310900
- National Natural Science Foundation of China. Grant Number: 60973038
Keywords:
- integrity measurement;
- integrity protection;
- trusted computing;
- cloud computing;
- authority
Abstract
In the cloud computing infrastructure, there is an increasing demand to maintain and verify the integrity of software stacks running on remote systems and protect users' sensitive data. However, because software stacks running on cloud platforms are usually provided and maintained by different authorities (or providers) who potentially do not trust each other, the problem of measuring and protecting runtime system integrity becomes very challenging and has not been well addressed yet. In this paper, we present an integrity measurement and protection architecture for software stacks running on a guest operating system (OS) of a virtualized platform in a cloud environment. Our solution does not change the guest OS, and thus is transparent to the OS authority. Furthermore, our architecture ensures that sensitive information of users is protected once the integrity of software stacks is broken during runtime. We implement our solution on Xen, and present a simple prototype based on Nimbus. We demonstrate the capability of dynamically detecting the integrity change of programs in cloud computing, and our evaluation results show that the solution is effective for integrity protection with acceptable performance overhead.
