2013 13th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing
Secure Storage Service for IaaS Cloud Users
Jinho Seol, Seongwook Jin, and Seungryoul Maeng
Computer Science Department, KAIST, Daejeon, Korea
{jhseol,swjin}@calab.kaist.ac.kr, maeng@cs.kaist.ac.kr
Abstract—Cloud computing enables to reduce operating costs and
maximize resource utilization. However, current cloud infrastructure
is insufficient to guarantee the confidentiality of classified information
for cloud users because one of administrators with privilege or remote
hackers compromising management tools can leak the information.
This paper addresses storage issues in cloud computing and proposes a
secure storage service where stored user data are protected even against
a malicious administrator and compromised software. We describe the
architecture of proposed design and discuss the security issues of the
design.
I. I NTRODUCTION
Cloud computing refers the computing paradigm where software
and hardware are provided as a service. Cloud computing is in
the spotlight because it is possible to reduce operating costs and
maximize resource utilization as pay-as-you-go model is a basic
philosophy of cloud computing. Cloud computing provides attractive
environment in that physical servers don’t have to be managed
directly by cloud users and elasticity against scalability problem is
also provided.
Nevertheless, companies regarding the security as the first principle
of governance are reluctant to use cloud computing service. The
main reason is anxiety about the security of their VMs. As plenty
of stakeholders including a cloud provider and cloud users co-exist
in cloud computing environment, the VMs allocated to a cloud user
are influenced by hypervisor, a management OS, which means the
OS of a management VM, or other VMs even in a single cloud
node. Furthermore, cloud administrators have privileges to control
the VMs. It means a malicious administrator can easily leak the user
data using management tools[4]. As a result, the virtual machines are
more vulnerable to information leakage than the physical machines.
In this paper we propose secure storage architecture using crypto-
processors for cloud users. User data are encrypted and even a
malicious administrator cannot access the cryptographic keys, and the
decrypted data are isolated from the management OS. Accordingly,
user data are protected from cloud administrators and other users.
More secure cloud computing environment is guaranteed in the
proposed architecture, and thus it is expected to migrate from server
hosting service to cloud computing service more and more.
II. BACKGROUND
There are three entities to protect the confidentiality of guest
VMs: processing, memory, and I/O. Processing and memory can be
protected by H/W such as VT-x and AMD-V and S/W techniques
such as [2], [3]. If processing and memory are protected, the guest
virtual machine is safe as far as no I/O operation is involved.
However, transferring the input or output data of computation is an
essential process in cloud computing environment. That’s why the
last entity, I/O should be protected in cloud computing. Generally, all
network traffics can be encrypted within a guest virtual machine and
thus, they are safe during transfer. However, it implies an assumption
that the cryptographic keys are protected safely. The cryptographic
keys are generally stored in the storage. Therefore, protecting storage
is the basic foundation of all other I/O devices.
978-0-7695-4996-5/13 $26.00 © 2013 IEEE
DOI 10.1109/CCGrid.2013.31
Mgmt. VM Guest VM
Storage
Terminal Driver
in Cloud
Hypervisor
Local
Remote
Storage
Storage Cloud Node
Privileged Access Illigal Access with Privilege
Fig. 1. Threat Model
III. S ECURE S TORAGE R EQUIREMENTS
A. Assumption & Threat Models
Cloud systems consist of lots of software components. Among
them, hypervisor and a management OS coexist with guest VMs
in a single cloud node. When the hypervisor is compromised, the
confidentiality of guest VMs cannot be guaranteed. However, the
code size of the hypervisor is smaller than that of traditional OS, and
thus the hypervisor has relatively less security holes[2].
A management OS is an important attack point of remote hackers
or a malicious administrator. The management OS can access its own
memory even though the memory of guest VM prevents from being
accessed[2], [3]. It means information leakage by means of observing
I/O of guest VMs via split drivers in management OS is still possible.
Therefore, the main threat of this work is information leakage by
accessing local storage via the management OS or direct access to
remote storage with privilege. We also assume defense mechanisms
against hardware attacks are well-equipped and thus hardware attacks
are inexecutable.
B. Requirements
The requirements for secure storage summarized as follows.
• Isolated cryptographic operation: A malicious administrator or
remote hackers can have control over the management OS.
Therefore, when plain text or decrypted data are loaded in the
memory of the management OS, they can be leaked by using
privileged operations in the management OS. As a result, the
result of cryptographic operations should be isolated from the
management OS.
• Infrastructure cryptographic operation: Key delivery from cloud
users involves connection to outside cloud systems. It means ad-
ditional service is needed for key delivery. Thus, cryptographic
keys should exist in the cloud system. Moreover, full-disk
encryption is implementable because guest OS is uninvolved.
• Key protection: To protect the keys perfectly, we need a key
storage service where the keys are inaccessible even with
privileged access.
190

Device Mgmt. VM Guest VM
Authority TPM Crypto−
Processor
Driver Driver
Hypervisor
EK PCR AIK EK DA Key
TPM
Cloud Node
Fig. 2. Architecture Overview
IV. S YSTEM D ESIGN
A. Overview
Figure 2 shows the overall architecture of our system. Cloud
nodes are equipped with a crypto-processor, which plays a role of
encryption, decryption, and key storage, and Trusted Platform Module
(TPM), which is used to verify the system state of cloud nodes. As
the crypto-processors are the bare bones of the proposed system,
they have to be verified by third party called Device Authority (DA).
System states are measured into Platform Configuration Register
(PCR) of TPM. Endorsement Key (EK) and Attestation Identity Key
(AIK) in the TPM are used to represents the identity of the TPM. A
PCI crypto-processor also has EK for the identity of itself. DA key
is used for verifying the signature of DA.
B. Challenges
Even though crypto-processors are operational in cloud node, two
main challenges remains to provide a secure storage service. As the
device driver of crypto-processor is placed in the management OS, we
need to isolate the decrypted (or plain) text from the management OS.
If the management OS is able to access the result of cryptographic
operations, the confidentiality of stored data cannot be guaranteed.
The other challenge is to ensure safe system states. Hypervisor is in
charge of access control. Thus, if hypervisor doesn’t protect illegal
access from the management OS, the information leakage of guest
VMs is unavoidable.
To ensure a secure storage service, the proposed architecture
achieves plain text isolation from the management OS and safe
system state guarantee as following two sections.
C. Plain text isolation
Generally, when a guest VM reads stored data block, the man-
agement OS reads the requested block from disk, and afterward,
sends the block to the guest VM. However, as the block is encrypted,
decrypting process is needed before the block is sent to the guest VM.
At the same time, decrypted text should not be accessed from the
management OS. To achieve this goal, hypervisor manipulates page
tables to block unauthorized accesses. Figure 3 shows the mapping of
the management OS, guest VM and crypto-processor. Once encrypted
data are loaded to memory by the management OS, the crypto-
processor is in charge of decryption. The device will access the
encrypted data and write plain data to other part of memory after
decrypting. Hypervisor manipulates page table of the management OS
and the IOMMU (I/O Memory Management Unit)[1] page table of
the crypto-processor, thus, the device is able to access both encrypted
and decrypted data whereas the management OS can access only
the encrypted data. As a result, the data of guest VM can preserve
confidentiality from the management OS.
Mgmt. VM Hypervisor Physical
Memory
Page
Table
Encrypted
Guest VM Nested Data
Page
Table
Guest Plain
Page Data
Table
PCI Device
IOMMU
Page
Table
PCI Device
Encrypted Data Access Plain Data Access
Fig. 3. Plain Text Isolation
D. Safe system state guarantee
If a malicious administrator or remote hackers can compromise the
image of hypervisor and reboot the system, compromised hypervisor
will be loaded, and thus there is no guarantee that the hypervisor plays
a role of isolation. We design that the crypto-processor activates itself
only if the system states are attested to avoid unwanted hypervisor.
We don’t present details of the activation protocol due to space
limitation.
V. S ECURITY A NALYSIS & D ISCUSSION
The secure system states could be used to activate the crypto-
processor illegally. The malicious management OS on compromised
hypervisor would try to use the measurement value of attested
hypervisor. Thus, DA needs an a-priori list of pairs, which comprise
EK of TPM and EK of crypto-processor from one physical cloud
node not to face the unwanted situation. At the last step of activation
process, DA will attest the system state. During attestation, DA have
to also check whether the system state is from requested node or not.
If compromised hypervisor tries to use the system state of another
machine, DA can detect and will refuse the activation request.
VI. C ONCLUSION & F UTURE W ORK
Security is primary consideration for the users who consider using
cloud services. However, guaranteeing secure cloud computing envi-
ronment is cumbersome and tortuous. This paper presents a secure
storage service for the users via crypto-processors. The proposed
architecture makes the users lighthearted because it is guaranteed
that stored data in cloud systems are encrypted and cannot be leaked
even with privileged accesses. Currently, we are developing a PCI
prototyped board and implementing its functionalities. We plan to
implement a fully functional prototype including PCI device crypto-
processors, device drivers, and the activation server of DA.
ACKNOWLEDGMENT
This work was supported by the IT R&D Program of MKE/KEIT.
[KI002090, Development of Technology Base for Trustworthy Computing]
R EFERENCES
[1] AMD. I/O virtualization technology (IOMMU) specification, 2011.
[2] C. Li, A. Raghunathan, and N. Jha. Secure virtual machine execution
under an untrusted management OS. In Cloud Computing (CLOUD),
2010 IEEE 3rd International Conference on, pages 172–179, 2010.
[3] D. G. Murray, G. Milos, and S. Hand. Improving xen security through
disaggregation. In Proceedings of the fourth ACM SIGPLAN/SIGOPS
international conference on Virtual execution environments, VEE ’08,
page 151160, New York, NY, USA, 2008. ACM. ACM ID: 1346278.
[4] B. D. Payne, M. D. de Carbone, and W. Lee. Secure and flexible
monitoring of virtual machines. In Computer Security Applications
Conference, 2007. ACSAC 2007. Twenty-Third Annual, pages 385–397.
IEEE, Dec. 2007.
191