Remote attestation of SEV-SNP confidential VMs using e-vTPMs

Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc. In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE).Comment: 12 pages, 4 figure

Distributed Infrastructure for an Academic Cloud

The various community infrastructure literature reveals the challenges in educational institutions to embrace cloud computing trends. Setting up an own data center in effect means a private cloud. If research on the open cloud services is available within the institution, then the rollout of such research products becomes an in-house implementation. Thus, even reducing the dependence on cloud vendors. Distribution of resources opens the channel for better communication within academic institutions. It also attracts opportunities to procure individual hardware with a bigger gain. Enormous spending and unaccounted credits fall into central budgets if not controlled in a structured manner. Also, increasing the overall data management cost as an institution needs a different perspective for its’ long-term benefits. The expenses allow branching the cloud management tasks either in a vendor’s private cloud or own Cloud if feasible. Bigdata does touch the academics to so much extent that such disparate de-central data management creates several pitfalls. The solution then suggested to have a controlled environment claimed as distributed computing. Infrastructure spending shoots up with a pay as you go model. We claim that a distributed infrastructure as an excellent opportunity in the computing when performed at the cost of trust of a private cloud. The open-source movements experiment the distributed clouds by promoting OpenStack swift

Protection and efficient management of big health data in cloud environment

University of Technology Sydney. Faculty of Engineering and Information Technology.Healthcare data has become a great concern in the academic world and in industry. The deployment of electronic health records (EHRs) and healthcare-related services on cloud platforms will reduce the cost and complexity of handling and integrating medical records while improving efficiency and accuracy. To make effective use of advanced features such as high availability, reliability, and scalability of Cloud services, EHRs have to be stored in the clouds. By exposing EHRs in an outsourced environment, however, a number of serious issues related to data security and privacy, distribution and processing such as the loss of the controllability, different data formats and sizes, the leakage of sensitive information in processing, sensitive-delay requirements has been naturally raised. Many attempts have been made to address the above concerns, but most of the attempts tackled only some aspects of the problem. Encryption mechanisms can resolve the data security and privacy requirements but introduce intensive computing overheads as well as complexity in key distribution. Data is not guaranteed being protected when it is moved from one cloud to another because clouds may not use equivalent protection schemes. Sensitive data is being processed at only private clouds without sufficient resources. Consequently, Cloud computing has not been widely adopted by healthcare providers and users. Protecting and managing health data efficiently in many aspects is still an open question for current research. In this dissertation, we investigate data security and efficient management of big health data in cloud environments. Regarding data security, we establish an active data protection framework to protect data; we investigate a new approach for data mobility; we propose trusted evaluation for cloud resources in processing sensitive data. For efficient management, we investigate novel schemes and models in both Cloud computing and Fog computing for data distribution and data processing to handle the rapid growth of data, higher security on demand, and delay requirements. The novelty of this work lies in the novel data mobility management model for data protection, the efficient distribution scheme for a large-scale of EHRs, and the trust-based scheme in security and processing. The contributions of this thesis can be summarized according to data security and efficient data management. On data security, we propose a data mobility management model to protect data when it is stored and moved in clouds. We suggest a trust-based scheduling scheme for big data processing with MapReduce to fulfil both privacy and performance issues in a cloud environment. • The data mobility management introduces a new location data structure into an active data framework, a Location Registration Database (LRD), protocols for establishing a clone supervisor and a Mobility Service (MS) to handle security and privacy requirements effectively. The model proposes a novel security approach for data mobility and leads to the introduction of a new Data Mobility as a Service (DMaaS) in the Cloud. • The Trust-based scheduling scheme investigates a novel composite trust metric and a real-time trust evaluation for cloud resources to provide the highest trust execution on sensitive data. The proposed scheme introduces a new approach for big data processing to meet with high security requirements. On the efficient data management, we propose a novel Hash-Based File Clustering (HBFC) scheme and data replication management model to distribute, store and retrieve EHRs efficiently. We propose a data protection model and a task scheduling scheme which is Region-based for Fog and Cloud to address security and local performance issues. • The HBFC scheme innovatively utilizes hash functions to cluster files in defined clusters such that data can be stored and retrieved quickly while maintaining the workload balance efficiently. The scheme introduces a new clustering mechanism in managing a large-scale of EHRs to deliver healthcare services effectively in the cloud environment. • The trust-based scheduling model uses the proposed trust metric for task scheduling with MapReduce. It not only provides maximum trust execution but also increases resource utilization significantly. The model suggests a new trust-oriented scheduling mechanism between tasks and resources with MapReduce. • We introduce a novel concept “Region” in Fog computing to handle the data security and local performance issues effectively. The proposed model provides a novel Fog-based Region approach to handle security and local performance requirements. We implement and evaluate our proposed models and schemes intensively based on both real infrastructures and simulators. The outcomes demonstrate the feasibility and the efficiency of our research in this thesis. By proposing innovative concepts, metrics, algorithms, models, and services, the significant contributions of this thesis enable both healthcare providers and users to adopt cloud services widely, and allow significant improvements in providing better healthcare services

An Experimental Validation of Public Cloud Mobile Banking

Currently, financial institutions incur huge expenditure to implement and maintain mobile banking (m- Banking) solutions and this cost is bound to rise significantly, as more customers subscribe to m-Banking services. Cloud computing has potential to facilitate reduced cost, high scalability and a variable cost structure that could guarantee cheaper, reliable and sustainable m-Banking in the long term. While the adoption of organizational private clouds seems natural for banks because of the sensitive nature of banking transactions, some have argued for the adoption of public clouds as a better alternative, despite concerns on issues such as trust, security and privacy. However, there is lack of sufficient empirical evidence in the literature on the suitability of public clouds for m- Banking. Hence, this study presents an investigation of the use of public cloud for m-Banking. A prototype cloud- based m-Banking application was developed using a public platform-as-a-service (Paas) cloud model, which was evaluated for usability and robustness in a controlled experiment. The evaluation result shows that m-Banking on public cloud is viable, if the cloud-based application is sufficiently robust and usable. The result also indicates that m-Banking services on public cloud are suitable for adoption by the banking industry

ANONYMOUS DATA SHARING WITH FORWARD SECURITY FOR VERIFICATION PROCESS

Capacity as-a-Service offered by cloud specialist co-ops (CSPs) is a paid office that empowers associations to re-appropriate their touchy information to be put away on distant workers. In this paper, we propose a cloud-based capacity plot that permits the information proprietor to profit by the offices offered by the CSP and empowers roundabout common trust between them. The proposed conspire has four significant highlights: (I) it permits the proprietor to re-appropriate touchy information to a CSP, and perform full square level unique procedure on the rethought information, i.e., block adjustment, inclusion, cancellation, and attach, (ii) it guarantees that approved clients (i.e., the individuals who reserve the option to get to the proprietor's document) get the most recent adaptation of the re-appropriated information, (iii) it empowers aberrant shared trust between the proprietor and the CSP, and (iv) it permits the proprietor to give or disavow admittance to the reevaluated information. At the point when the client putting away the information into the cloud, for security purposes prior to entering the information into the cloud that information will encode and that will be put away in the cloud. so when the client is looking for specific report this cycle will done on the encoded organization of information. A distributed storage model comprises of an assortment of capacity workers. It has long haul stockpiling administrations over the Internet. At the point when the information is put away in the cloud, at that point the client will have no control on that information around then and subsequently checking the accuracy of the information put away in the cloud is a difficult issue. With the goal that secrecy of the information put away in cloud is kept up by the information proprietor. He utilizes his private key for encoding the information and this scrambled information will be put away in the cloud

Security and Privacy Issues in Cloud Computing

Cloud computing transforming the way of information technology (IT) for consuming and managing, promising improving cost efficiencies, accelerate innovations, faster time-to-market and the ability to scale applications on demand (Leighton, 2009). According to Gartner, while the hype grew ex-ponentially during 2008 and continued since, it is clear that there is a major shift towards the cloud computing model and that the benefits may be substantial (Gartner Hype-Cycle, 2012). However, as the shape of the cloud computing is emerging and developing rapidly both conceptually and in reality, the legal/contractual, economic, service quality, interoperability, security and privacy issues still pose significant challenges. In this chapter, we describe various service and deployment models of cloud computing and identify major challenges. In particular, we discuss three critical challenges: regulatory, security and privacy issues in cloud computing. Some solutions to mitigate these challenges are also proposed along with a brief presentation on the future trends in cloud computing deployment