CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-Based Environments

2020 
While the rapid evolution of container-based virtualization technologies, now an integral part of cloud-based environments, brings several new opportunities for providing distributed, mixed-criticality services, it also raises significant concerns about their security, resilience, and configuration correctness. In this paper, we present CloudVaults to cope with these challenges: a multi-level security verification framework that supports trust-aware service graph chains with verifiable evidence of the integrity assurance and correctness of the comprised containers. It is a first step towards a new frontier of security mechanisms that enable Configuration Integrity Verification (CIV) at both load- and run-time, providing fine-grained measurements to support container trust decisions and thus allowing a much more effective verification towards building a global picture of the integrity of the entire service graph. We additionally provide and benchmark an open-source implementation of the enhanced attestation schemes.