Integrity assurance in the cloud by combined PBA and provenance

Abir Awad; Sara Kadry; Brian Lee; Gururaj Maddodi; Eoin O'Meara

doi:10.1109/NGMAST.2016.15

Integrity assurance in the cloud by combined PBA and provenance

Abir Awad^*, Sara Kadry, Brian Lee, Gururaj Maddodi, Eoin O'Meara

^*Corresponding author for this work

Faculty of Computing, Engineering and Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper, we propose a new integrity assurance system in the cloud by using both hard and soft attestations. By hard attestation, we mean the usage of trusted computing to certify the machines in the cloud or to detect any tamper on the system level including boot, bios and operating system. The soft assurance mechanism is based on the analysis of the cloud provenance data which are collected by logging kernel system calls. This mechanism is data centric which means that it allows the detection of any changes to data artifacts in the cloud. The results of our integrity assurance system is communicated to the user using Cloud Trust Protocol (CTP) developed by the Cloud Security Alliance (CSA). Our proposed scheme is tested on an OpenStack cloud to show a proof of concept of our integrity assurance system.

Original language	English
Title of host publication	Proceedings - 2016 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016
Publisher	IEEE Computer Society
Pages	127-132
Number of pages	6
ISBN (Electronic)	9781509009497
DOIs	https://doi.org/10.1109/NGMAST.2016.15
Publication status	Published - 28 Dec 2016
Event	10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016 - Cardiff, Wales, United Kingdom Duration: 24 Aug 2016 → 26 Aug 2016

Conference

Conference	10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016
Country/Territory	United Kingdom
City	Cardiff, Wales
Period	24/08/16 → 26/08/16

Keywords

cloud
Cloud trust protocol
integrity
provenance
trusted platform module

Access to Document

10.1109/NGMAST.2016.15Licence: CC BY-NC-ND

Cite this

@inproceedings{bf9892c076774e3281a0c6dc8f3e4f5a,

title = "Integrity assurance in the cloud by combined PBA and provenance",

abstract = "In this paper, we propose a new integrity assurance system in the cloud by using both hard and soft attestations. By hard attestation, we mean the usage of trusted computing to certify the machines in the cloud or to detect any tamper on the system level including boot, bios and operating system. The soft assurance mechanism is based on the analysis of the cloud provenance data which are collected by logging kernel system calls. This mechanism is data centric which means that it allows the detection of any changes to data artifacts in the cloud. The results of our integrity assurance system is communicated to the user using Cloud Trust Protocol (CTP) developed by the Cloud Security Alliance (CSA). Our proposed scheme is tested on an OpenStack cloud to show a proof of concept of our integrity assurance system.",

keywords = "cloud, Cloud trust protocol, integrity, provenance, trusted platform module",

author = "Abir Awad and Sara Kadry and Brian Lee and Gururaj Maddodi and Eoin O'Meara",

note = "USW staff member left the university Sep 2017; 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016 ; Conference date: 24-08-2016 Through 26-08-2016",

year = "2016",

month = dec,

day = "28",

doi = "10.1109/NGMAST.2016.15",

language = "English",

pages = "127--132",

booktitle = "Proceedings - 2016 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016",

publisher = "IEEE Computer Society",

}

Awad, A, Kadry, S, Lee, B, Maddodi, G & O'Meara, E 2016, Integrity assurance in the cloud by combined PBA and provenance. in Proceedings - 2016 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016., 7801478, IEEE Computer Society, pp. 127-132, 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016, Cardiff, Wales, United Kingdom, 24/08/16. https://doi.org/10.1109/NGMAST.2016.15

Integrity assurance in the cloud by combined PBA and provenance. / Awad, Abir; Kadry, Sara; Lee, Brian et al.
Proceedings - 2016 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016. IEEE Computer Society, 2016. p. 127-132 7801478.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Integrity assurance in the cloud by combined PBA and provenance

AU - Awad, Abir

AU - Kadry, Sara

AU - Lee, Brian

AU - Maddodi, Gururaj

AU - O'Meara, Eoin

N1 - USW staff member left the university Sep 2017

PY - 2016/12/28

Y1 - 2016/12/28

N2 - In this paper, we propose a new integrity assurance system in the cloud by using both hard and soft attestations. By hard attestation, we mean the usage of trusted computing to certify the machines in the cloud or to detect any tamper on the system level including boot, bios and operating system. The soft assurance mechanism is based on the analysis of the cloud provenance data which are collected by logging kernel system calls. This mechanism is data centric which means that it allows the detection of any changes to data artifacts in the cloud. The results of our integrity assurance system is communicated to the user using Cloud Trust Protocol (CTP) developed by the Cloud Security Alliance (CSA). Our proposed scheme is tested on an OpenStack cloud to show a proof of concept of our integrity assurance system.

AB - In this paper, we propose a new integrity assurance system in the cloud by using both hard and soft attestations. By hard attestation, we mean the usage of trusted computing to certify the machines in the cloud or to detect any tamper on the system level including boot, bios and operating system. The soft assurance mechanism is based on the analysis of the cloud provenance data which are collected by logging kernel system calls. This mechanism is data centric which means that it allows the detection of any changes to data artifacts in the cloud. The results of our integrity assurance system is communicated to the user using Cloud Trust Protocol (CTP) developed by the Cloud Security Alliance (CSA). Our proposed scheme is tested on an OpenStack cloud to show a proof of concept of our integrity assurance system.

KW - cloud

KW - Cloud trust protocol

KW - integrity

KW - provenance

KW - trusted platform module

U2 - 10.1109/NGMAST.2016.15

DO - 10.1109/NGMAST.2016.15

M3 - Conference contribution

AN - SCOPUS:85009918015

SP - 127

EP - 132

BT - Proceedings - 2016 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016

PB - IEEE Computer Society

T2 - 10th International Conference on Next Generation Mobile Applications, Security and Technologies, NGMAST 2016

Y2 - 24 August 2016 through 26 August 2016

ER -

Integrity assurance in the cloud by combined PBA and provenance

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this