Now Offering a 50% Discount When a Minimum of Five Titles in Related Subject Areas are Purchased TogetherAlso, receive free worldwide shipping on orders over US$ 395.(This offer will be automatically applied upon checkout and is applicable to print & digital publications)Browse Titles

Special Offers
- Receive a 50% Discount When a Minimum of Five Titles are Purchased Together
  This 50% discount is automatically applied upon checkout and is only applicable when five or more reference books and scholarly journals are ordered. Discount valid on purchases made directly through IGI Global’s Online Bookstore (www.igi-global.com) and cannot be combined with any other discount. It may not be used by distributors or book sellers and the offer does not apply to databases. Exclusions of select titles may apply.
  Browse Titles
- IGI Global Converts Over 30+ Journals to Full Gold Open Access (OA)
  With access to digital resources and OA content being critical during this time, IGI Global has converted 30 journals to full Gold OA. IGI Global OA provides a quality, expediate, high-quality OA publishing process, flexible funding options, and more, which allows researchers to benefit from freely and immediately sharing their peer-reviewed research with the world.
  Learn More
- Additional Source of OA Funding When Your Institution Invests in IGI Global’s e-Collections
  When an institution invests in IGI Global’s e-Book and/or e-Journal Collections, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA article processing charges (APCs) for faculty at that institution when their work is submitted and accepted under OA (following peer review) into an IGI Global journal.
  Learn More
- Reduced Research Anthology Pricing
  Based on the increased interest in our Research Anthologies line from last year and understanding current budgetary limitations, IGI Global is reducing the price of our multi-volume Research Anthologies up to 50%. These publications are ideal for accommodating library budgets, as they contain hand-selected research content of the highest quality.
  Learn More
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
- Receive Free Shipping on Orders Over US$ 395.00
  Free shipping will be automatically applied to shopping cart orders over US$ 395.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning e-Book and e-Journal Collections.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
e-Collections
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Results and Discussions

Source Title: Detection and Mitigation of Insider Attacks in a Cloud Infrastructure: Emerging Research and Opportunities

DOI: 10.4018/978-1-5225-7924-3.ch006

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

This chapter describes the proof-of-concept of the proposed protocol architecture. The eXtensible modular hypervisor framework has been utilized to build the TrustVisor hypervisor along with the core modules: cryptography operations, TEE, and TPM emulator, which contains TPM library function to make a secure communication with TPM hardware. The constructed hypervisor has been placed in the cloud server grub entry to make a choice of hypervisor. To ensure the trust worthiness of cloud platform, a remote attestation concept is used along with the most popular and widely used method called integrity measurement architecture (IMA). Remote attestation uses IMA. It works based on binary attestation concept. After configuring IMA, it calculates and extends the hashes of all components while boot process into their respective PCRs. To ensure the remote attestation with privacy preserving of NC, the authors used attestation identity key (AIK) for signing hashes of PCRs while performing quote operation. They used TPM emulator for communication with TPM device using TPM driver.

Chapter Preview

Top

Performance Of Tpm Commands

As discussed earlier, we used open source cloud software called eucalyptus to establish an IaaS private cloud for our testing. Eucalyptus consists well defined components such as node controller, cloud controller, walrus, storage controller and cluster controller, those provides efficient communication among resources using web-service. Eucalyptus is an EC2 API-compatible and which is an answer to commercial Amazon EC2 cloud infrastructure. Eucalyptus supports libvirt hypervisor, it consists most popular hypervisors Xen and KVM hypervisors. The eucalyptus components are well defined with web-service based interfaces and those components are developed using high-level and standard packages such as Axis2, Apache, and Rampart . Our proposed architecture utilizes these components to prove that our concept is secure from insider attacks.

The node controller is the central component of our proposed eucalyptus cloud frame work, where cloud controller can launch and execute virtual machines. The proposed framework implemented on HP elite Notebook 8540 with configuration of Intel i5 processor, 8GB RAM, 500HDD and Ubuntu 12.04 as a host OS. The Eucalyptus cloud software used for implementing the private cloud that provides an infrastructure for launching virtual machine’s. The experimental results show that proposed framework has greater ability to reduce the TCB minimization and less over heads while communicate with TPM device through the host operating system.The Intel SENTER (AMD SKINIT) instruction takes 20.5ms for the initiation of secure boot along with the TrustVisor hypervisor boot process. The PCR Extend is used to quote respective PCR value and it took 10.68ms. The TPM quote for measuring the PCR values with hash values are calculated and replaced with new hash digest and this operation took 357.68ms. Thus, it shows us that Flicker based environment takes long time to respond for the TPM quote. The seal and unseal operation takes 45.29ms and 537.87ms, when compared to other hypervisor performance in both operations TrustVisor has great ability to reduce the overheads in unseal operation.

Figure 1.

TPM performance evaluation (ms)

The remote attestation took 100.3ms for trusting the platform using the PCR values with cryptographic techniques those we discussed earlier sections. The results show us that TrustVisor has great ability to reduce the overheads during the TPM operations.

Table 1.

HMAC and basic operations on TrustVisor (ms)

	Extend	Seal	Unseal	Quote
Native Linux	24066	358102	1008654	815654
TrustVisor	533	11.7	12.6	21000
	HMAC		Sign
	Avg	Stdev	Avg	Stdev
Flicker	62.644	0.181	67.461	0.008
TrustVisor	0.051	0.003	5.012	0.018

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Results and Discussions

Abstract

Performance Of Tpm Commands

Complete Chapter List