TY - GEN
T1 - An effective auditing scheme for cloud computing
AU - Houlihan, Ryan
AU - Du, Xiaojiang
PY - 2012
Y1 - 2012
N2 - In this paper, we present a novel secure auditing scheme for cloud computing systems. Several auditing schemes have been proposed for the cloud, which periodically trigger the auditing function. These schemes are designed to monitor the performance and behavior of the cloud. One major problem with these kinds of schemes is that they are vulnerable to the transient attack (also known as the timed scrubbing attack). Our secure auditing scheme is able to prevent the transient attack via modification of the Linux auditing daemon - auditd, which creates attestable logs. Our scheme utilizes the System Management Mode (SMM) for integrity checks and the Trusted Platform Module (TPM) chip for attestable security. Specifically, we modify the auditing daemon protocol such that it records a hash of each audit log entry to the TPM's Platform Configuration Register (PCR), which gives us an attestable history of every command executed on the cloud server. We perform real experiments on two cloud servers and the results show that the overhead of our scheme is very small.
AB - In this paper, we present a novel secure auditing scheme for cloud computing systems. Several auditing schemes have been proposed for the cloud, which periodically trigger the auditing function. These schemes are designed to monitor the performance and behavior of the cloud. One major problem with these kinds of schemes is that they are vulnerable to the transient attack (also known as the timed scrubbing attack). Our secure auditing scheme is able to prevent the transient attack via modification of the Linux auditing daemon - auditd, which creates attestable logs. Our scheme utilizes the System Management Mode (SMM) for integrity checks and the Trusted Platform Module (TPM) chip for attestable security. Specifically, we modify the auditing daemon protocol such that it records a hash of each audit log entry to the TPM's Platform Configuration Register (PCR), which gives us an attestable history of every command executed on the cloud server. We perform real experiments on two cloud servers and the results show that the overhead of our scheme is very small.
KW - Cloud computing
KW - auditing
KW - performance
UR - http://www.scopus.com/inward/record.url?scp=84877647337&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84877647337&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2012.6503342
DO - 10.1109/GLOCOM.2012.6503342
M3 - Conference contribution
AN - SCOPUS:84877647337
SN - 9781467309219
T3 - Proceedings - IEEE Global Communications Conference, GLOBECOM
SP - 1599
EP - 1604
BT - 2012 IEEE Global Communications Conference, GLOBECOM 2012
T2 - 2012 IEEE Global Communications Conference, GLOBECOM 2012
Y2 - 3 December 2012 through 7 December 2012
ER -