Adaptive data-driven service integrity attestation for multi-tenant cloud systems
read more
Citations
Hatman: Intra-cloud Trust Management for Hadoop
Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds
A Survey on Cloud Computing Security
Computation certification as a service in the cloud
Result verification mechanism for MapReduce computation integrity in cloud computing
References
The Byzantine Generals Problem
Dryad: distributed data-parallel programs from sequential building blocks
Dynamic provable data possession
Zyzzyva: speculative byzantine fault tolerance
HAIL: a high-availability and integrity layer for cloud storage
Related Papers (5)
Frequently Asked Questions (10)
Q2. What are the main goals of the service integrity attestation scheme?
Their service integrity attestation scheme has two major design goals: 1) support runtime continuous attestation with low overhead; and 2) pinpoint malicious (or compromised) service instances among a large number of interacted service instances without assuming any prior knowledge about which service instances are trusted.
Q3. What is the minimum requirement for a service instance to be non-repudiated?
To achieve non-repudiation, each service instance is required to produce a receipt for each data it receives and sign the data it has processed [12].
Q4. How does AdapTest reduce the detection time of inconsistency relationships?
AdapTest expedites the exposure of inconsistency relationships and therefore shorten detection time using two adaptive node selection schemes.
Q5. What is the basic idea of a service integrity attestation scheme?
The basic idea is to duplicate some original inputs and re-send them as attestation data to different functionally-equivalent service instances for consistency check.
Q6. What is the rationale for attesting suspicious nodes together?
AdapTest strives to attest suspicious nodes together with benign nodes since two colluding malicious nodes will try to avoid producing inconsistent results with each other.
Q7. How can AdapTest reduce the overhead of a malicious node?
The experimental results show that AdapTest can reduce attestation overhead by up to 60% and shorten the malicious node pinpointing delay by up to 40% compared to previous approaches.
Q8. How is the integrity of the software platform ensured?
The integrity of the software platform is ensured by employing a remote trusted attester to challenge the trusted entity who provides an integrity evidence through some cryptographic means.
Q9. What is the value of the pairwise trust score between two service instances?
Definition 3: The pairwise trust score between two service instances si and sj , denoted by βi,j , is calculated by the fraction of consistent results when si is attested against sj .
Q10. What is the rationale for attesting suspicious nodes?
When an input data item is selected for attestation by the portal, AdapTest first identifies a pool of suspicious nodes based on node trust scores and randomly selects asuspicious node from this pool to attest.