Title
Toward security as a service: A trusted cloud service architecture with policy customization
Abstract
With the rise of concerns over security and privacy in the cloud, the “security-on-demand” service mode dynamically provides cloud customers with trusted computing environments according to their specific security needs. Major challenges, however, remain to achieve this goal: (1) integrating an auditable, tamper-resistant trust-management mechanism into the cloud infrastructure and (2) building a protocol to guarantee the consistency of customers’ policies during virtual machine (VM) migrations. This study develops a new security-on-demand framework called a “policy-customized trusted cloud service” (PC-TCS) architecture that comprises two core components: an attribute-based signature (ABS)-based remote-attestation scheme to achieve trusted remote attestation with customized security policies and an ABS- and blockchain-based VM-migration protocol to support policy-customized trusted migration. To prove the availability of this architecture, we implemented a PC-TCS prototype based on Xen Hypervisor, the results of which indicate that (1) PC-TCS can be integrated into cloud infrastructure as part of a trusted computing base; (2) cloud users can customize the security policies of computing environments and validate their enforcement throughout the service life-cycle with the support of PC-TCS; and (3) PC-TCS can support policy-customized remote attestation and policy-customized migration with a minimal impact on performance.
Year
2021
DOI
10.1016/j.jpdc.2020.11.002
Venue
Journal of Parallel and Distributed Computing
Keywords
Security on demand, Policy-customized, Trusted cloud service, Remote Attestation
DocType
Journal
Volume
149
ISSN
0743-7315
Citations
0
PageRank
0.34
References
0
Authors
8
Name
Order
Citations
PageRank
Chenlin Huang1488.83
Wei Chen25710.51
Lu Yuan300.34
Yan Ding454.46
Songlei Jian5297.66
Yu-Song Tan63813.98
Hua Chen700.34
Dan Chen8417.53