Virtual machine integrity verification in Crowd-Resourcing Virtual Laboratory
- In cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secretIn cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secret codes that will be used to verify whether the VM was started using the new kernel files. The new kernel is used to further measuring the integrity of the running VM.…
| Author details: | Johannes Harungguan SianiparORCiDGND, Christian Willems, Christoph MeinelORCiDGND |
|---|---|
| DOI: | https://doi.org/10.1109/SOCA.2018.00032 |
| ISBN: | 978-1-5386-9133-5 |
| ISSN: | 2163-2871 |
| Title of parent work (English): | 2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA) |
| Publisher: | IEEE |
| Place of publishing: | New York |
| Publication type: | Other |
| Language: | English |
| Date of first publication: | 2019/01/03 |
| Publication year: | 2019 |
| Release date: | 2022/02/28 |
| Tag: | Cloud Computing; Crowd-Resourcing; Integrity Verification; Virtual Machine |
| Number of pages: | 8 |
| First page: | 169 |
| Last Page: | 176 |
| Organizational units: | An-Institute / Hasso-Plattner-Institut für Digital Engineering gGmbH |
| DDC classification: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 000 Informatik, Informationswissenschaft, allgemeine Werke |
| Peer review: | Referiert |
