Conference item

Porridge: A method of providing resilient and scalable Cloud-Attestation-as-a-Service

Abstract:

Effectively establishing trust in Cloud Computing is a critical requirement for achieving wider adoption of hybrid and public cloud. Although a number of Trusted Cloud concepts have been proposed, they suffer from limitations in resilience, scalability and dynamism.

We tackle these limitations with the creation of a distributed attestation service, Porridge. Porridge achieves resiliency, as multiple attestation workers are employed and redundant workers assigned for attesting each Virtual Machine (VM); scalability, as the attestation load and responsibility are automatically distributed evenly among workers; adaptivity to cloud dynamism, as each VM’s virtual Trusted Platform Module (vTPM) is mapped to a stable set of physical Trusted Platform Modules (TPM) in the host and then the workers' TPMs.

Overall the attestation scheme enables flexible vTPM-TPM bindings while hiding details of cloud infrastructure, with the root-of-trust for the VM not bound to its underlying host’s TPM, but to its managing workers. This concept can be extended to support more advanced cloud security through the introduction of Trusted Service Providers providing Cloud Attestation as a Service (CAaaS).

Publication status:
Published
Peer review status:
Peer reviewed

Publisher copy:
10.1049/cp.2017.0175

Authors


Institution:
University of Oxford
Division:
MPLS
Department:
Engineering Science
Sub department:
Oxford e-Research Centre
Oxford college:
Lady Margaret Hall
Role:
Author
Institution:
University of Oxford
Division:
MPLS Division
Department:
e-Research Centre
Role:
Author


Publisher:
Institute of Engineering and Technology
Host title:
12th IET International System Safety and Cyber Security Conference, 30 October - 1 November 2017 | IET London: Savoy Place
Journal:
12th IET International System Safety and Cyber Security Conference
Publication date:
2017-01-01
Acceptance date:
2017-09-21
DOI:
ISBN:
9781785617461


Pubs id:
pubs:737398
UUID:
uuid:23db0d57-0b0e-4b46-a84c-8a5c59e434aa
Local pid:
pubs:737398
Source identifiers:
737398
Deposit date:
2017-10-20
