Integrity Protection and Attestation of Security Critical Executions on Virtualized Platform in Cloud Computing Environment

As cloud infrastructure saves cloud user the budget to purchase relatively expensive and easily outdated hardware and the energy to maintain system, some compromises comes along as well, such as computing environment and stored data out of control, which put cloud user on the horns of a dilemma. In order for cloud users to have more faith with the security of computing environment and data on the remote uncontrolled cloud, trust should be built between them. It's easier to trust when you can verify. We took advantage of sealed storage of trust computing to improve traditional trust chain technology in order to provide a dual verifiable trusted bootstrap to make sure each compartment during system bootstrap not to be maliciously changed. We extend trusted chain to memory by developing monitoring tools in privileged domain using features provided by virtual machine monitor to monitor and record runtime states of security critical application in targeted virtual machine instance. Inspiring by traditional security technology such as sandbox, we designed and implemented a "out-of-box" fine-grained security critical application monitoring utilizing system call interposition and virtual machine introspection. Measurements of system configurations stored in platform configuration registers of TPM along with runtime states of application in cloud user's virtual machine are reported to corresponding cloud user through remote attestation which is a key feature of trusted computing as well in order to provide genuine evidences to cloud user.