Recent trends in applying TPM to cloud computing

Trusted platform modules (TPM) have become important safe‐guards against variety of software‐based attacks. By providing a limited set of cryptographic services through a well‐defined interface, separated from the software itself, TPM can serve as a root of trust and as a building block for higher‐level security measures. This article surveys the literature for applications of TPM in the cloud‐computing environment, with publication dates comprised between 2013 and 2018. It identifies the current trends and objectives of this technology in the cloud, and the type of threats that it mitigates. Toward the end, the main research gaps are pinpointed and discussed. Since integrity measurement is one of the main usages of TPM, special attention is paid to the assessment of run time phases and software layers it is applied to.</p

Domain-Based Storage Protection (DBSP) in Public Infrastructure Clouds

Confidentiality and integrity of data in Infrastructure-as-a-Service (IaaS) environments increase in relevance as adoption of IaaS advances towards maturity. While current solutions assume a high degree of trust in IaaS provider staff and infrastructure management processes, earlier incidents have demon- strated that neither are impeccable. In this paper we introduce Domain-Based Storage Protection (DBSP) a data confidentiality and integrity protection mechanism for IaaS environments, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We describe the building blocks of this mechanism and provide a set of detailed protocols for generation and handling of keys for confidentiality and integrity pro- tection of data stored by guest VM instances. The protocols assume an untrusted IaaS provider and aim to prevent both malicious and accidental faulty config- urations that could lead to breach of data confidentiality and integrity in IaaS deployments.InfraClou