Practical system integrity verification in cloud computing environments.


Abstract

Online applications have become the de facto medium through which modern computing services are offered. This model not only reduces administrative costs, but enables companies to shift their physical infrastructure to virtualized environments like cloud computing platforms. However, with this move to remotely administered services come serious risks. Since users no longer control the systems they rely upon, they must assume they were correctly configured to protect their sensitive data. As history has demonstrated, even the most well-funded companies are prone to compromises, which may lead to the loss of countless confidential customer records. If the world is to continue adopting this computing model, then a greater emphasis must be placed on building verifiable systems that customers can inspect.

In this dissertation, we explore the design challenges in building verification frameworks that overcome the limitations of current verification techniques for detecting unsafe and compromised systems. Existing approaches leverage trusted computing hardware like the Trusted Platform Module (TPM) to securely record and attest to integrity-relevant events occurring on the proving system. However, these approaches are insufficient for verifying today's high-performance and highly connected environments. First, we developed the Root of Trust for Installation, a method for bootstrapping trust in virtual machine (VM) hosts that form the basis of many cloud offerings. Second, we designed a remote integrity verifier to address many of the difficulties that attestation-only verification causes. Using this Integrity Verification Proxy, we are able to verify heterogeneous integrity requirements at the proving system without the delay and complexity of traditional integrity measurement. Finally, we incorporated our research into the Cloud Verifier, a framework for verifying the integrity of instances hosted on clouds. This permits cloud administrators, customers, and external clients to verify integrity criteria without having to directly inspect the configuration of the entire platform. Our proof-of-concept implementation and evaluation demonstrate the feasibility of building a verifiable, yet functional cloud platform. While this work represents only a starting point, we believe it will lead to a greater understanding of how today's online services can be designed in a more transparent way.

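Bibliographic record

  • Author affiliation: The Pennsylvania State University
  • Degree-granting institution: The Pennsylvania State University
  • Subject: Engineering Computer; Computer Science
  • Degree: Ph.D.
  • Year: 2012
  • Pages: 129 p.
  • Total pages: 129
  • Original format: PDF
  • Language of text: eng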