Making the cloud secure
Posted by Ken Y-N on August 14th, 2010 at 04:25pm
I recently came across an interesting article on security issues in Cloud Computing. It outlines the key security issues associated with Cloud Computing and suggests that the two key methods of securing these systems are, first, data tagging to stop data going where it shouldn’t and, second, a hardware root of trust like the Trusted Platform Module offered by the Trusted Computing Group. The article says:
The [hardware root of trust for the Cloud] is rapidly evolving from the specifications of the Trusted Computing Group. This involves the use of special secure chips, such as Intel’s Trusted Execution Technology, being embedded within the servers. These hold a trusted profile for the server, and they examine, measure and compare all of the processing components of the server with that trusted profile whenever the server is turned on or reset. Put simply, if your cloud provider is using such a system, there is nowhere on the server for malware to hide; and Jay Heiser’s concern about the platform being ‘owned’ by hackers is solved.
While it’s nice to read such a positive review of the TPM in the cloud, I do think it is a bit too optimistic to claim that the problem is solved by this technology. In particular, as the quote above says, a TPM in the cloud is a rapidly evolving solution: it’s not there yet, and even when it gets there it will not, I hope, be marketed as a 100% solution. As a simple rebuttal, there also need to be run-time integrity checks; the Mobile Trusted Module does this, and indeed I have had a conversation with someone who reckons the dynamically-verifying Mobile Trusted Module model is more suitable to the cloud than the static TPM.
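To make the static-versus-dynamic point concrete, here is a small simulation added as an illustration; it is not code from the article or from any TCG specification. It uses the TPM-style extend operation (new PCR = hash of old PCR concatenated with the component digest); the `Server` class, the component names, the choice of SHA-256 and the idea of modelling a run-time check as a simple re-measurement are assumptions made for the example and do not describe how the Mobile Trusted Module actually works.

```python
import hashlib

PCR_INIT = bytes(32)  # a PCR starts as all zeros after reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Measure each component, in boot order, into one simulated PCR."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class Server:
    """Hypothetical server: the PCR is set only at boot; memory can change later."""

    def __init__(self, components):
        self.memory = list(components)         # what is actually running
        self.pcr = measure_boot(self.memory)   # static, boot-time measurement

    def boot_check(self, trusted_pcr: bytes) -> bool:
        # Static check: compares only the value recorded at power-on or reset.
        return self.pcr == trusted_pcr

    def runtime_check(self, trusted_pcr: bytes) -> bool:
        # Dynamic check (simplified): re-measures what is in memory right now.
        return measure_boot(self.memory) == trusted_pcr


# Constructed sample components standing in for firmware, loader and hypervisor.
GOOD = [b"firmware-v1", b"bootloader-v1", b"hypervisor-v1"]
TRUSTED_PCR = measure_boot(GOOD)  # the "trusted profile" for this server


def demo():
    altered = Server([b"firmware-v1", b"bootloader-modified", b"hypervisor-v1"])
    clean = Server(GOOD)
    before = (clean.boot_check(TRUSTED_PCR), clean.runtime_check(TRUSTED_PCR))
    clean.memory[2] = b"hypervisor-v1 changed in memory"  # change after boot
    after = (clean.boot_check(TRUSTED_PCR), clean.runtime_check(TRUSTED_PCR))
    return altered.boot_check(TRUSTED_PCR), before, after


if __name__ == "__main__":
    print(demo())  # (False, (True, True), (True, False))
```

A component altered before boot fails the comparison with the trusted profile, but a change made after boot leaves the recorded PCR untouched, so only the re-measurement notices it.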
Tags: cloud computing