The Department of Computer Science Presents the Department Seminar Series
Runtime Attestation for Infrastructure-as-a-Service Clouds
Friday, March 24th at noon
Location: R15 (3rd Floor), Engineering Building
Abstract: We present the RIC (Runtime Attestation for IaaS Clouds) system, which uses timing-based attestation to verify the integrity of a running Xen hypervisor as well as the guest virtual machines running on top of it. As part of the RIC system, we present a novel attestation technique which includes not only the guest operating system's static code and read-only data sections but also the guest OS's dynamically loadable kernel modules. These attestations are conducted periodically at run-time to provide a stronger guarantee of correctness than that offered by load-time verification techniques. A system such as RIC can be used in cloud computing scenarios to verify the environment in which the cloud services ultimately run. Furthermore, we offer a method to decrease the performance impact that this process has on the virtual machines that run the cloud services, since these services often have very strict performance and availability requirements. This scheme effectively extends the root of trust on the cloud machines from the Xen hypervisor upward to include the guest OS that runs within each virtual machine. This work represents an important step towards secure cloud computing platforms, which can help cloud providers offer new services that require higher levels of security than are possible in cloud data centers today.
Bio: Jesse Elwell recently graduated with a PhD in Computer Science from Binghamton University. The focus of his graduate research was in computer architecture, system software, and security. He was a recipient of the Binghamton Graduate Student Award in Research Excellence. After graduation, Jesse accepted a position at Vencore Labs as a Research Scientist, where he has continued to do cutting-edge research with a focus on system and network security.
Co-sponsored with GSO and partially paid for by student activity fees.