Source: IEEE Micro Special Issues on Security, Volume 36, Issue 5 (2016)
Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system. Providing these assurances is complicated by the customer not knowing where the VM is executing and by the semantic gap between what the customer wants to know and what can be measured in the cloud. In this article, the authors present an architecture for monitoring a VM's security health. Their architecture can communicate this health status to the customer in an unforgeable manner. The authors show a concrete implementation of property-based attestation and a full prototype based on the OpenStack open source cloud software.