Title
P-Cop: A Cloud Administration Proxy to Enforce Bipartite Maintenance of PaaS Services
Abstract
Platform-as-a-Service (PaaS) infrastructures are highly dependent on cloud administrators. Ill-configured software systems or compromising insider activity can result in serious data breaches for clients of PaaS services. A general security approach against untrusted administrators is to employ operating system hardening techniques to limit access privileges on cloud nodes. However, this approach is overly inflexible for PaaS services, since superuser privileges tend to be required to apply a security patch, change a firewall rule, etc. This paper presents P-Cop, a system that aims to provide secure PaaS maintenance while preserving administration flexibility. To that end, P-Cop implements a bipartite maintenance model in which cloud administrator privileges can be elevated to superuser on a given node, but no sensitive guest computations can be allocated to the node until the issued command sequence has been endorsed by an auditor, i.e., a third party mutually trusted by the cloud provider and its clients. P-Cop relies on a trusted proxy which supervises all privileged commands issued by the cloud administrators. Our current P-Cop design targets Docker-containerized PaaS services and leverages TPM hardware to enable remote attestation by external clients.
Year
2016
DOI
10.1109/CLOUD.2016.128
Venue
PROCEEDINGS OF 2016 IEEE 9TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD)
Field
Superuser, Audit, Firewall (construction), Computer science, Computer security, Software system, Insider, Data breach, Maintenance engineering, Cloud computing
DocType
Conference
ISSN
2159-6182
Citations
0
PageRank
0.34
References
0
Authors
2
Name
Order
Citations
PageRank
Bruno Braga100.34
Nuno Santos218924.08