Dynamic Remote Attestation Service for Virtual Machine on the IaaS Cloud Platform

2017 
While the Infrastructure-as-a-Service (IaaS) cloud computing model has become a compelling computing solution, security concerns about data and application integrity in virtual machines (VMs) have drastically restricted its widespread adoption. Although numerous studies have been dedicated to these issues, they remain a challenge. In this paper, we present DRAS, a novel framework for remote attestation of VMs in the IaaS cloud. It combines trusted computing with virtual machine introspection to provide flexible measurement of targeted VMs in a stealthy manner, which makes it more robust against malicious attackers. Moreover, we minimize the impact on platform performance and reduce the trusted computing base by moving integrity measurement and the attestation service out of the privileged domain into a dedicated secure VM. We show a concrete implementation of DRAS and a prototype based on the Xen hypervisor.