A Trusted IaaS Environment with Hardware Security Module

A Trusted IaaS Environment with Hardware Security Module

With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentia...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on services computing 2016-05, Vol.9 (3), p.343-356
Hauptverfasser: Seol, Jinho, Jin, Seongwook, Lee, Daewoo, Huh, Jaehyuk, Maeng, Seungryoul
Format: Artikel
Sprache:eng
Schlagworte:
Cloud computing
Computer architecture
Computer information security
Cryptography
Hardware
Hardware Security Module
Mathematical analysis
Modules
Protocols
Security
Systems management
TCB
Vectors (mathematics)
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results.
ISSN:1939-1374
1939-1374
2372-0204
DOI:10.1109/TSC.2015.2392099