Building trust into utility cloud computing.

摘要

We introduce three new mechanisms that allow trust to be built into cloud computing called the Private Virtual Infrastructure (PVI), the Locator Bot (LoBot), and the Trusted Virtual Environment Module (TVEM). Cloud computing requires that organizations trust that a service provider's platforms are secured and provide a sufficient level of integrity for the client's data. Once a client's sensitive data are released into the cloud under the control of a third party, a significant level of risk is placed on the security and privacy of the data. PVI, LoBot, and TVEM provide a means for clients to establish trust in cloud platforms, thus reducing their risk exposure.;PVI is a new management and security model that shares the responsibility of security management in cloud computing between the service provider and client, decreasing the risk exposure to both. The PVI datacenter's security posture is set by the client, while the cloud's configuration is under control of the service provider. Clients can then protect their information independently of the cloud configuration.;The LoBot pre-measures the cloud for security properties which can be used to determine the integrity and trustworthiness of the destination platform. LoBot then provides secure provisioning and live migration for the virtual datacenter. LoBot protects information by preventing data from being placed in malicious environments.;The TVEM helps solve the core security challenge of cloud computing by establishing trust in a virtualized cloud computing environment. The TVEM is a software appliance that merges trust from multiple sources, typically the information owner and service provider, to derive a root of trust for a virtual environment on a remote host. A unique Trusted Environment Key (TEK) combines trust from the information owner and the service provider to create a dual root of trust for the TVEM that is distinct for every virtual environment and separate from the host platform's trust.;PVI, Locator Bot, and TVEM can be used individually or combined to provide a foundation for trust in cloud computing. They enable organizations to maintain control of their information in the cloud and realize benefits of cloud computing.