SlideShare a Scribd company logo

Trust and Cloud computing, removing the need for the consumer to trust their provider

Download as PPTX, PDF
David Wallom, profile picture
David Wallom

Trusted computing and remote attestation techniques can be used to build trust in cloud computing by creating a "chain of trust" from the hardware to the cloud services and user data. This allows a user to verify the configuration of each component in the cloud and ensure only authorized applications and services can access sensitive data. The solution involves using trusted computing mechanisms like TPM chips to attest cloud hosts, VMs, and services. It also allows application and data whitelisting based on these remote attestations to build trust without requiring users to unconditionally trust their cloud provider.

Technology
Related topics:
Cloud Computing Insights
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Trust and Cloud computing, removing the need for the consumer to trust their provider Prof David Wallom University of Oxford
Overview • The problem – Drivers of cloud adoption – Threats forming barriers to adoption – Trust and the stakeholders in the cloud – Building trust through regulation – Trusted products within a marketplace • The solution – Trusted Computing – Chain of trust – OAT – Trusted Appliances, Applications and user data
Problem…
Trust and Cloud computing, removing the need for the consumer to trust their provider
Trust and Cloud computing, removing the need for the consumer to trust their provider
7 Cloud Computing security risks
Trust at the Last Mile • Problem for high value instantly usable data and services – Critical data or keys are still exposed inside the cloud at the final steps – Still require customers unconditional trust of their CSP – Value may be great enough that traditional blackmail/bribery may be enough to gain access
Cloud (IaaS) and Security cloud infrastructure Storage (Object) Storage (Block) Host VM Host VM … Users • AAI: management, storage APIs. • VMs: security groups (layer 2/3), firewall, VPN. • OS: admin policies, monitoring, auditing, patches, etc. • HW: physical security • How can users trust the origin and identity of the cloud infrastructure software stack? • How can users trust the origin and identity of VMs, Block Storage, Storage Objects?
“What is really going on inside the cloud?”
New Industries Around Security and Trust
Building trust through regulation
Building trust by building brands
Recap • Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more • Security, Trust and Privacy still great concerns • The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches • Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities • Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches. • We must trust our cloud provider, completely! • We don’t really know whats going on within the cloud • We are worried we may lose our data
A solution
Trusted Computing • What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a remotely verifiable infrastructure. • What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository. • TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management. • Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform. • Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.
Extend the Trusted Platform to the cloud • Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users. • Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.
Trusted Computing and Cloud Computing User verifiable Chain of Trust = Attestation result of Storage + Attestation result of Host + Attestation result of VM …but in the cloud the hardware components can change… HW/TPM Host Controller Hypervisor Virtual Machine vTPM Virtual Machine vTPM Virtual Machine vTPM HW/TPM Storage Controller Storage Service 12 3 123
Open Attestation (OAT) as a Trusted Third Party …but what about resilience and scalability?
Porridge (Distributed OAT) • High frequency platform verification • Application whitelisting • Verifiable Logging
Implementation in Openstack
Attesting Cloud Services • VM attestation – Know exactly the status of your system, its how you left it! • Centralized Attestation Service – A service to periodically examining all the cloud nodes and recording their configurations; – Customers attest the delegates to make sure the attestation service is correctly running. – Supporting dynamic VM migration attesting both source and destination to ensure continual validity • Property-based Access Controls – Customers define the access control policies to their data or keys based on the properties of the accessing cloud applications and the underlying hosting infrastructure. – Whitelisting application software within a cloud instance
Trusted Data Processing • To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage. • TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.
Trusted Data Exchanging • To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations. • TDP ensures a Data Provider that every piece of data is processed only by applications with predetermined properties.
Conclusion • Trust is still highlighted as a significant barrier to cloud adoption in high value usecases • Traditional security still requires users to trust their CSP • Regulation may aim for a secure business as usual, it doesn’t support you when things go wrong • Utilising Trusted Computing and remote attestation builds a chain of trust – Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data – Support application and data whitelisting to ensure only those with permission can use services or capabilities • Only registered and verified hosts can run high value applications • Only registered and verifies services can access high value data • Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services • We are removing the need to trust your cloud provider by building cryptographically secure cloud
Thank You!

More Related Content

PPTX
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
PDF
E magic case study
Allyssa1Davis
 
PPTX
Ame 2269 ibm mq high availability
Andrew Schofield
 
PPTX
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
PPT
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
Rob Convery
 
PPTX
VMworld 2015: The Best SDDC!
VMworld
 
PPT
Health monitoring and alerting for xen app, xendesktop and netscaler
solarisyougood
 
PDF
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
Array Networks
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
David Wallom
 
E magic case study
Allyssa1Davis
 
Ame 2269 ibm mq high availability
Andrew Schofield
 
3433 IBM messaging security why securing your environment is important-feb2...
Robert Parker
 
IBM Integration Bus & WebSphere MQ - High Availability & Disaster Recovery
Rob Convery
 
VMworld 2015: The Best SDDC!
VMworld
 
Health monitoring and alerting for xen app, xendesktop and netscaler
solarisyougood
 
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief
Array Networks
 

What's hot (20)

PDF
move-anti-virus
Aakash Chaturvedi
 
PPTX
CompTIA Security Plus Overview
Joseph Holbrook, Chief Learning Officer (CLO)
 
PPTX
6421 b Module-07
Bibekananada Jena
 
PPT
Performance testing virtualized systems v5
Mentora
 
PPSX
VMware: my jsme “software defined”
MarketingArrowECS_CZ
 
PDF
Encoding Enhancers Woolpack virtualization services
Aditi Shrivastava
 
PPTX
[DSBW Spring 2009] Unit 05: Web Architectures
Carles Farré
 
PPTX
Network access protection ppt
Dasarathi Dash
 
PPTX
Understanding mq deployment choices and use cases
Leif Davidsen
 
PPTX
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
David McGeough
 
PDF
Expanding your options with the MQ Appliance
Anthony Beardsmore
 
PPT
Why Security Teams should care about VMware
JJDiGeronimo
 
PPSX
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Mike Ricca
 
PDF
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Ali Kafel
 
PPTX
Aruba Rightsizing Your Network
hypknight
 
PPT
Virtualization 2.0
Unitiv
 
PPT
Session #107 - AMSI Hosting Options
webhostingguy
 
PPTX
Cloud Computing and Data Centers
bega karadza
 
PDF
Troubleshooting and debugging Citrix Receiver for iOS and Android
Citrix
 
PPT
Cross selling 5
Sen Nathan
 
move-anti-virus
Aakash Chaturvedi
 
CompTIA Security Plus Overview
Joseph Holbrook, Chief Learning Officer (CLO)
 
6421 b Module-07
Bibekananada Jena
 
Performance testing virtualized systems v5
Mentora
 
VMware: my jsme “software defined”
MarketingArrowECS_CZ
 
Encoding Enhancers Woolpack virtualization services
Aditi Shrivastava
 
[DSBW Spring 2009] Unit 05: Web Architectures
Carles Farré
 
Network access protection ppt
Dasarathi Dash
 
Understanding mq deployment choices and use cases
Leif Davidsen
 
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...
David McGeough
 
Expanding your options with the MQ Appliance
Anthony Beardsmore
 
Why Security Teams should care about VMware
JJDiGeronimo
 
Flex Cloud Hosting - Reduce server sprawl and optimize server utilization
Mike Ricca
 
Stratus Fault-Tolerant Cloud Infrastructure Software for NFV using OpenStack
Ali Kafel
 
Aruba Rightsizing Your Network
hypknight
 
Virtualization 2.0
Unitiv
 
Session #107 - AMSI Hosting Options
webhostingguy
 
Cloud Computing and Data Centers
bega karadza
 
Troubleshooting and debugging Citrix Receiver for iOS and Android
Citrix
 
Cross selling 5
Sen Nathan
 
Ad

Similar to Trust and Cloud computing, removing the need for the consumer to trust their provider (20)

PPTX
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
PPT
Security Issues of Cloud Computing
Falgun Rathod
 
PDF
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Perficient
 
PDF
Software Defined Networking in the ATMOSPHERE project
ATMOSPHERE .
 
PPTX
Acceleration_and_Security_draft_v2
Srinivasa Addepalli
 
PDF
Lecture27 cc-security2
Ankit Gupta
 
PPTX
Cloud Cmputing Security
Devyani Vaidya
 
PDF
Cloud Security
Pyingkodi Maran
 
PDF
Privacy preserving public auditing for secure cloud storage
Shakas Technologies
 
PDF
cACCESS_ZTNA PRODUCT CATALOGUE IN THE FILE.pdf
KAVEEN PRASANNAMOORTHY
 
PPTX
ARCHITECTURAL_DESIGN_OF_COMPUTE_AND_STORAGE_CLOUDS[1] - Read-Only.pptx
Venkateshperadka2
 
PDF
Is it an internal affair
George Delikouras
 
PPT
Cloud computing-2 (1)
JUDYFLAVIAB
 
PPTX
Myths of validation
Jeff Thomas
 
PDF
Client Server Network Security
MithilDoshi1
 
PDF
Unit 1.2 move to cloud computing
eShikshak
 
PPTX
Gary Homeland Security Presentation 102114
Gary Dischner
 
PDF
Cloud Security
Pyingkodi Maran
 
PPTX
Transforming cloud security into an advantage
Moshe Ferber
 
PPTX
Zero trust model for cloud computing.pptx
kkhhusshi
 
Trust and Cloud Computing, removing the need to trust your cloud provider
David Wallom
 
Security Issues of Cloud Computing
Falgun Rathod
 
Cloud-based vs. On-site CTMS - Which is Right for Your Organization?
Perficient
 
Software Defined Networking in the ATMOSPHERE project
ATMOSPHERE .
 
Acceleration_and_Security_draft_v2
Srinivasa Addepalli
 
Lecture27 cc-security2
Ankit Gupta
 
Cloud Cmputing Security
Devyani Vaidya
 
Cloud Security
Pyingkodi Maran
 
Privacy preserving public auditing for secure cloud storage
Shakas Technologies
 
cACCESS_ZTNA PRODUCT CATALOGUE IN THE FILE.pdf
KAVEEN PRASANNAMOORTHY
 
ARCHITECTURAL_DESIGN_OF_COMPUTE_AND_STORAGE_CLOUDS[1] - Read-Only.pptx
Venkateshperadka2
 
Is it an internal affair
George Delikouras
 
Cloud computing-2 (1)
JUDYFLAVIAB
 
Myths of validation
Jeff Thomas
 
Client Server Network Security
MithilDoshi1
 
Unit 1.2 move to cloud computing
eShikshak
 
Gary Homeland Security Presentation 102114
Gary Dischner
 
Cloud Security
Pyingkodi Maran
 
Transforming cloud security into an advantage
Moshe Ferber
 
Zero trust model for cloud computing.pptx
kkhhusshi
 
Ad

More from David Wallom (20)

PPTX
Quantifying the impact of green leasing on energy use in a retail portfolio: ...
David Wallom
 
PPTX
The University of Oxford e-Research Centre
David Wallom
 
PPTX
Introduction to Cloud Computing
David Wallom
 
PPTX
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
David Wallom
 
PPTX
Smarter Energy, Infrastruture service, consumtion analytics and applications
David Wallom
 
PPTX
The Climateprediction.net programme, big data climate modelling
David Wallom
 
PPTX
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
David Wallom
 
PPTX
Supporting Research through "Desktop as a Service" models of e-infrastructure...
David Wallom
 
PPTX
e-Research & the art of linking Astrophysics to Deforestation
David Wallom
 
PPTX
Privacy and Security policies in the cloud
David Wallom
 
PPTX
Working with Earth Observation Data, INFORM and the IEA
David Wallom
 
PPTX
WICKED - Working with the data rich
David Wallom
 
PPTX
Mapping Priorities and Future Collaborations for you Projects
David Wallom
 
PPTX
CloudWatch: Mapping priorities and future collaboration for your project
David Wallom
 
PPTX
CloudWatch2 Adoption Deep Dive
David Wallom
 
PPTX
e-infrastructural needs to support informatics
David Wallom
 
PPTX
Generating Insight from Big Data
David Wallom
 
PPTX
International Forest Risk Model
David Wallom
 
PPTX
Generating Insight from Big Data in Energy and the Environment
David Wallom
 
PPTX
Smart Grid, Smart Metering and Cybersecurity
David Wallom
 
Quantifying the impact of green leasing on energy use in a retail portfolio: ...
David Wallom
 
The University of Oxford e-Research Centre
David Wallom
 
Introduction to Cloud Computing
David Wallom
 
Benefits of big data analytics in Smart Metering, ADEPT, WICKED and beyond
David Wallom
 
Smarter Energy, Infrastruture service, consumtion analytics and applications
David Wallom
 
The Climateprediction.net programme, big data climate modelling
David Wallom
 
1990-2050 sulphur dioxide emissions data from ECLIPSE v5a for use in Met Offi...
David Wallom
 
Supporting Research through "Desktop as a Service" models of e-infrastructure...
David Wallom
 
e-Research & the art of linking Astrophysics to Deforestation
David Wallom
 
Privacy and Security policies in the cloud
David Wallom
 
Working with Earth Observation Data, INFORM and the IEA
David Wallom
 
WICKED - Working with the data rich
David Wallom
 
Mapping Priorities and Future Collaborations for you Projects
David Wallom
 
CloudWatch: Mapping priorities and future collaboration for your project
David Wallom
 
CloudWatch2 Adoption Deep Dive
David Wallom
 
e-infrastructural needs to support informatics
David Wallom
 
Generating Insight from Big Data
David Wallom
 
International Forest Risk Model
David Wallom
 
Generating Insight from Big Data in Energy and the Environment
David Wallom
 
Smart Grid, Smart Metering and Cybersecurity
David Wallom
 

Recently uploaded (20)

PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Encapsulation theory and applications.pdf
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 

Trust and Cloud computing, removing the need for the consumer to trust their provider

  • 1. Trust and Cloud computing, removing the need for the consumer to trust their provider Prof David Wallom University of Oxford
  • 2. Overview • The problem – Drivers of cloud adoption – Threats forming barriers to adoption – Trust and the stakeholders in the cloud – Building trust through regulation – Trusted products within a marketplace • The solution – Trusted Computing – Chain of trust – OAT – Trusted Appliances, Applications and user data
  • 6. 7 Cloud Computing security risks
  • 7. Trust at the Last Mile • Problem for high value instantly usable data and services – Critical data or keys are still exposed inside the cloud at the final steps – Still require customers unconditional trust of their CSP – Value may be great enough that traditional blackmail/bribery may be enough to gain access
  • 8. Cloud (IaaS) and Security cloud infrastructure Storage (Object) Storage (Block) Host VM Host VM … Users • AAI: management, storage APIs. • VMs: security groups (layer 2/3), firewall, VPN. • OS: admin policies, monitoring, auditing, patches, etc. • HW: physical security • How can users trust the origin and identity of the cloud infrastructure software stack? • How can users trust the origin and identity of VMs, Block Storage, Storage Objects?
  • 9. “What is really going on inside the cloud?”
  • 10. New Industries Around Security and Trust
  • 12. Building trust by building brands
  • 13. Recap • Cloud already affects all our lives, it will soon affect extremely high value parts of our lives even more • Security, Trust and Privacy still great concerns • The very thing that makes cloud great (of not caring about the innards) also causes some of our headaches • Regulation may be well meaning when introduced but ultimately doesn’t improve the user experience as it by def. limits some functions or capabilities • Providing improved consumer information may allow us to build reputation systems but there is nothing to stop them being subverted and having to use clean branded appliances each time will cause operational headaches. • We must trust our cloud provider, completely! • We don’t really know whats going on within the cloud • We are worried we may lose our data
  • 15. Trusted Computing • What it is: A set of specifications proposed by the Trusted Computing Group (TCG) for implementing a remotely verifiable infrastructure. • What it does and what it does not: It enables a challenger to remotely verify the genuine configurations of a platform. It provides no guarantee on the security properties of the platform, but leaves the challengers to determine the properties by mapping the configurations to a predefined security properties repository. • TPM: A cost-effective secure hardware, providing tamper-proof capabilities for storing and reporting the platform’s configuration, together with other supporting capabilities, such as secure key management. • Integrity and attestation: The integrity of a platform is defined as its capability to behave as expected. In general implementation, integrity is interpreted as whether only expected software components with expected configurations have been loaded on the target platform. Remote Attestations are performed to examine the integrity of a remote platform. • Strengths and limitations: Trust Computing mechanisms are built upon the tamper-proof hardware. However, complexities in managing the expected platform configurations have inhibited the widespread adoption of Trusted Computing.
  • 16. Extend the Trusted Platform to the cloud • Reassure customers that the cloud infrastructure is strong enough to defend against attackers or malicious users. • Enables a mechanism by which the properties of the cloud service components and third-party extensions can be continuously inspected and examined.
  • 17. Trusted Computing and Cloud Computing User verifiable Chain of Trust = Attestation result of Storage + Attestation result of Host + Attestation result of VM …but in the cloud the hardware components can change… HW/TPM Host Controller Hypervisor Virtual Machine vTPM Virtual Machine vTPM Virtual Machine vTPM HW/TPM Storage Controller Storage Service 12 3 123
  • 18. Open Attestation (OAT) as a Trusted Third Party …but what about resilience and scalability?
  • 19. Porridge (Distributed OAT) • High frequency platform verification • Application whitelisting • Verifiable Logging
  • 21. Attesting Cloud Services • VM attestation – Know exactly the status of your system, its how you left it! • Centralized Attestation Service – A service to periodically examining all the cloud nodes and recording their configurations; – Customers attest the delegates to make sure the attestation service is correctly running. – Supporting dynamic VM migration attesting both source and destination to ensure continual validity • Property-based Access Controls – Customers define the access control policies to their data or keys based on the properties of the accessing cloud applications and the underlying hosting infrastructure. – Whitelisting application software within a cloud instance
  • 22. Trusted Data Processing • To ensure that customer data is not abused by their CSP when outsourced to the cloud infrastructure for processing or storage. • TDP ensures customers that their data is only decrypted by their applications, having the predefined states, and being deployed on the part of the cloud satisfying predefined SLA.
  • 23. Trusted Data Exchanging • To ensure that Customer Data is not abused by other customers when shared on a common infrastructure to achieve cooperative computations. • TDP ensures a Data Provider that every piece of data is processed only by applications with predetermined properties.
  • 24. Conclusion • Trust is still highlighted as a significant barrier to cloud adoption in high value usecases • Traditional security still requires users to trust their CSP • Regulation may aim for a secure business as usual, it doesn’t support you when things go wrong • Utilising Trusted Computing and remote attestation builds a chain of trust – Hardware -> Cloud Host -> Hypervisor -> VM -> application software + Data – Support application and data whitelisting to ensure only those with permission can use services or capabilities • Only registered and verified hosts can run high value applications • Only registered and verifies services can access high value data • Extending existing Trusted Third Party capabilities to support multiple trusted Service Providers providing externally verifiable measurement of cloud located services • We are removing the need to trust your cloud provider by building cryptographically secure cloud

Editor's Notes

  • #10: How to effectively verify “what is really going on inside the cloud”. Whether the acquired Cloud services are enforced; Whether only the acquired Cloud services are accessing customers’ data.
  • #11: The tripadvisor methodology
  • #16: 15
  • #18: Attestation of VMs: only expected programs with expected configuration files are loaded inside the VM. Attestation of Hosts: only the expected VM with the expected software stack has been instantiated. The VM the user is currently connecting to, is genuinely loaded by the genuine hypervisor. Attestation of Storage: the VM is binding to the expected virtual storage, and the state of the virtual storage can only be manipulated by an expected software stack. The virtual storage connected to the user’s VM is genuinely loaded and managed by the genuine Storage Management software with the specified parameters.
  • #19: Intels