Page 1

Trusted Platform Module as Security Enabler for Cloud Infrastructure as a Service (IaaS).

Gregory T. Hoffer

CS7323 – Research Seminar (Dr. Qi Tian)

Page 2

Overview

Problem Statement
TPM
Proposal
Discussion
Conclusion
References

Page 3

Problem Statement

Page 4

Trusted Platform Module

(Image From [1])

Page 5

(Image From [1])

Page 6

Security Features provided by TPM

1) Access Control: Access to sensitive data and execution of some commands are subject to permission. This applies to access to cryptographic keys and PCRs, and to execution of key generation.

2) Attestation: Attestation provided by an entity is a proof that the entity knows specific data. It is usually associated with a digital signature. TCG uses this functionality to prove to a remote entity (e.g. a service provider) that a platform wishing to access the service meets specific integrity requirements. The attestation may relate to hardware or software integrity.

3) Measurements, Logging and Reporting: Measurement is the process of computing a state indicator for hardware and/or software; for software it may be a hash of the code. If the measurement is reliable, it gives information on the integrity of the measured entity. The measuring entity must itself be trustworthy in order to obtain reliable measurements. TCG defines a module called the CRTM (Core Root of Trust for Measurement) which is assumed to be trustworthy; it is executed when the platform is powered on.
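To make the measurement-and-reporting idea concrete, here is an added Python example (not from the slides or from [1]) that models the PCR extend operation, replays a constructed boot event log, and checks the reported PCR value against a known-good one on the verifier side. The boot chain, component bytes and golden value are constructed placeholders, and the TPM's signature over the report is not modelled.

```python
import hashlib

INITIAL_PCR = b"\x00" * 20  # a TPM 1.2 PCR holds one SHA-1 digest and is zero at power-on

def measure(component: bytes) -> bytes:
    """Measurement of a software component: the hash of its code."""
    return hashlib.sha1(component).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement). A PCR can only be extended,
    never set, so its value commits to every measurement so far and to their order."""
    return hashlib.sha1(pcr + measurement).digest()

def replay_event_log(events) -> bytes:
    """Recompute the PCR value a measurement log should produce, starting from
    the zero value the CRTM begins with at power-on."""
    pcr = INITIAL_PCR
    for _name, component in events:
        pcr = pcr_extend(pcr, measure(component))
    return pcr

def verify_report(reported_pcr: bytes, events, expected_pcr: bytes) -> bool:
    """Verifier side: the log must replay to the reported PCR, and that value must equal
    the known-good (golden) value. A real report is also signed by the TPM (not modelled)."""
    return replay_event_log(events) == reported_pcr == expected_pcr

# Constructed sample boot chain (placeholder byte strings, not real firmware images).
GOOD_CHAIN = [
    ("bios", b"bios-image-v1"),
    ("bootloader", b"grub-image-v1"),
    ("hypervisor", b"xen-image-v1"),
]
GOLDEN_PCR = replay_event_log(GOOD_CHAIN)  # provisioned once from a known-good host

def platform_report(chain):
    """Model of the measured platform: extend per component, report final PCR plus log."""
    return replay_event_log(chain), chain

def demo() -> dict:
    modified = GOOD_CHAIN[:2] + [("hypervisor", b"xen-image-v1-modified")]
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]]
    inconsistent = (GOLDEN_PCR, modified)  # claims the golden value, but its log disagrees
    return {
        "known_good": verify_report(*platform_report(GOOD_CHAIN), GOLDEN_PCR),
        "modified_hypervisor": verify_report(*platform_report(modified), GOLDEN_PCR),
        "reordered_boot": verify_report(*platform_report(reordered), GOLDEN_PCR),
        "inconsistent_log": verify_report(*inconsistent, GOLDEN_PCR),
    }
```

Only the known-good chain passes: a changed component, a changed boot order, or a log that does not replay to the claimed PCR each yields a different value than the golden one.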

Page 7

Project Proposal

Virtualize TPM

Provide Cloud Customer with assurance or trust that state and configuration of physical platform.

Page 8

Conclusion

Page 9

Questions and Discussion

Any questions or comments?

Page 10

References

[1] M. Achemlal, S. Gharout, C. Gaber. 2011. Trusted Platform Module as an Enabler for Security in Cloud Computing. In Network and Information Systems Security (SAR-SSI), La Rochelle, FR. May 18-21, 2011.

[2] R. Neisse, D. Holling, A. Pretschner. 2011. Implementing Trust in Cloud Infrastructures. In 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2011, Newport Beach, CA. May 23-26, 2011.

[3] B. Bertholon, S. Varrette, P. Bouvry. 2011. CertiCloud: a Novel TPM-based Approach to Ensure Cloud IaaS Security. In 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2011, Newport Beach, CA. May 23-26, 2011.