Scalable distributed service integrity attestation for software-as-a- service clouds

Juan Du, Daniel J. Dean, Yongmin Tan, Xiaohui Gu, Ting Yu

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.

Original languageEnglish
Article number6471974
Pages (from-to)730-739
Number of pages10
JournalIEEE Transactions on Parallel and Distributed Systems
Volume25
Issue number3
DOIs
Publication statusPublished - 1 Mar 2014
Externally publishedYes

Fingerprint

Cloud computing
Hardware
Processing

Keywords

  • cloud computing
  • Distributed service integrity attestation
  • secure distributed data processing

ASJC Scopus subject areas

  • Hardware and Architecture
  • Signal Processing
  • Computational Theory and Mathematics

Cite this

Scalable distributed service integrity attestation for software-as-a- service clouds. / Du, Juan; Dean, Daniel J.; Tan, Yongmin; Gu, Xiaohui; Yu, Ting.

In: IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No. 3, 6471974, 01.03.2014, p. 730-739.

Research output: Contribution to journalArticle

Du, Juan ; Dean, Daniel J. ; Tan, Yongmin ; Gu, Xiaohui ; Yu, Ting. / Scalable distributed service integrity attestation for software-as-a- service clouds. In: IEEE Transactions on Parallel and Distributed Systems. 2014 ; Vol. 25, No. 3. pp. 730-739.
@article{4dcca94a2bf346f9b76e03393f737b51,
title = "Scalable distributed service integrity attestation for software-as-a- service clouds",
abstract = "Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.",
keywords = "cloud computing, Distributed service integrity attestation, secure distributed data processing",
author = "Juan Du and Dean, {Daniel J.} and Yongmin Tan and Xiaohui Gu and Ting Yu",
year = "2014",
month = "3",
day = "1",
doi = "10.1109/TPDS.2013.62",
language = "English",
volume = "25",
pages = "730--739",
journal = "IEEE Transactions on Parallel and Distributed Systems",
issn = "1045-9219",
publisher = "IEEE Computer Society",
number = "3",

}

TY - JOUR

T1 - Scalable distributed service integrity attestation for software-as-a- service clouds

AU - Du, Juan

AU - Dean, Daniel J.

AU - Tan, Yongmin

AU - Gu, Xiaohui

AU - Yu, Ting

PY - 2014/3/1

Y1 - 2014/3/1

N2 - Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.

AB - Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.

KW - cloud computing

KW - Distributed service integrity attestation

KW - secure distributed data processing

UR - http://www.scopus.com/inward/record.url?scp=84894545644&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84894545644&partnerID=8YFLogxK

U2 - 10.1109/TPDS.2013.62

DO - 10.1109/TPDS.2013.62

M3 - Article

VL - 25

SP - 730

EP - 739

JO - IEEE Transactions on Parallel and Distributed Systems

JF - IEEE Transactions on Parallel and Distributed Systems

SN - 1045-9219

IS - 3

M1 - 6471974

ER -