Towards a cloud-based integrity measurement service

Author(s)

Zic, John; Hardjono, Thomas

Abstract

The aim of this paper is to propose the use of a cloud-based integrity management service coupled with a trustworthy client component – in the form of the Trust Extension Device (TED) platform – as a means to to increase the quality of the security evaluation of a client. Thus, in addition to performing authentication of the client (e.g. as part of Single Sign-On), the Identity Provider asks that the integrity of the client platform be computed and then be evaluated by a trustworthy and independent Cloud-based Integrity Measurement Service (cIMS). The TED platform has been previously developed based on the Trusted Platform Module (TPM), and allows the integrity measurement of the client environment to be conducted and reported in a secure manner. Within the SSO flow, the portable TED device performs an integrity measurement of the client platform, and sends an integrity report to the cIMS as part of the client authentication process. The cIMS validates the measurements performed by the TED device, and reports a trust score to the Identity Provider (IdP). The IdP takes into account the reported trust score when the IdP computes and issues a Level of Assurance (LOA) value to the client platform. In this way the Service Provider obtains a greater degree of assurance that the client’s computing environment is relatively free of unrecognized and/or unauthorized components.

Date issued

2013-02

URI

http://hdl.handle.net/1721.1/77957

Department

Massachusetts Institute of Technology. Information Services and Technology

Journal

Journal of Cloud Computing

Publisher

Springer Verlag

Citation

Zic, John, and Thomas Hardjono. “Towards a Cloud-Based Integrity Measurement Service.” Journal of Cloud Computing: Advances, Systems and Applications 2.1 (2013): 4.

Version: Author's final manuscript

ISSN

2192-113X