Experiences in Trusted Cloud Computing
DOI:
https://doi.org/10.13052/jicts2245-800X.635
Keywords:
NFV, Trusted Computing, Security, Telecommunications, Cloud
Abstract
While trusted computing is a well-known technology, its role has been limited in scope and to single machines. The advent of cloud computing, its role as critical infrastructure and the requirement for trust between the users of computing resources combine to form a perfect environment for trusted and high-integrity computing. Indeed, the use of trusted computing is an enabling technology over nearly all ‘cyber’ areas: secure supply chain management, privacy and critical data protection, data sovereignty, cyber defence, legal, etc. To achieve this generalization, we must fundamentally redefine what we mean by trusted and high-integrity computing. We are required to go beyond boot-time trust and rethink notions of run-time trust, partial trust, how systems are constructed, the trust between management and operations, compute and storage infrastructure and the dynamic provisioning of services by external parties. While attestation technologies, so-called run-time trust and virtualized TPM are being brought to the fore, adopting these does not solve any of the fundamental problems of trust in the cloud.