Providing User Security Guarantees in Public Infrastructure Clouds

Research output: Contribution to journalArticlepeer-review


The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants-insulated from the minutiae of hardware maintenance-rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Original languageEnglish
Article number7399365
Pages (from-to)405-419
Number of pages15
JournalIEEE Transactions on Cloud Computing
Issue number3
Publication statusPublished - 2017 Jul 1
Externally publishedYes

Subject classification (UKÄ)

  • Other Computer and Information Science


  • cloud computing
  • Security
  • storage protection
  • trusted computing


Dive into the research topics of 'Providing User Security Guarantees in Public Infrastructure Clouds'. Together they form a unique fingerprint.

Cite this