Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds

Research output: Thesis, Doctoral Thesis (compilation)



In the cloud computing service model, users consume computation resources provided through the Internet, often without any awareness of the cloud service provider that owns and operates the supporting hardware infrastructure. This marks an important change compared to earlier models of computation, for example when such supporting hardware infrastructure was under the control of the user. Given the ever-increasing importance of computing, the shift to cloud computing raises several challenging issues, which include protecting the computation and ancillary resources such as network communication and the stored or produced data.
While the potential risks for data isolation and confidentiality in cloud infrastructure are somewhat known, they are obscured by the convenience of the service model and the claimed trustworthiness of cloud service providers, backed by reputation and contractual agreements. Ongoing research on cloud infrastructure has the potential to strengthen the security guarantees of computation, data and communication for users of cloud computing. This thesis is part of such research efforts and addresses select aspects of cloud computing security, focusing on assessing the trustworthiness of components of the cloud network infrastructure and cloud computing infrastructure and on controlling access to data and network resources.
The contributions of the thesis include mechanisms to verify or enforce security in cloud infrastructure. Such mechanisms have the potential to both help cloud service providers strengthen the security of their deployments and empower users to obtain guarantees regarding security aspects of service level agreements. By leveraging functionality of components such as the Trusted Platform Module, the thesis presents mechanisms to provide user guarantees regarding integrity of the computing environment and geographic location of plaintext data, as well as to allow users to maintain control over the cryptographic keys for integrity and confidentiality protection of data stored in remote infrastructure. Furthermore, the thesis leverages recent innovations for platform security such as Software Guard Extensions to introduce mechanisms to verify the integrity of the network infrastructure in the Software-Defined Networking model. A final contribution of the thesis is an access control mechanism for resources in the Software-Defined Networking model.
Original language: English
Awarding Institution
  • Department of Electrical and Information Technology
  • Smeets, Bernard, Supervisor
  • Gehrmann, Christian, Supervisor
Award date: 2017 Sept 29
Place of Publication: Lund
ISBN (Print): 978-91-7753-329-0
ISBN (electronic): 978-91-7753-330-6
Publication status: Published - 2017 Sept 4

Bibliographical note

Defence details
Date: 2017-09-29
Time: 13:00
Place: Lecture hall E:1406, E-huset, Ole Römers väg 3, Lund University, Faculty of Engineering.
External reviewer(s)
Name: Saroiu, Stefan
Title: Dr
Affiliation: Microsoft Research, USA

Subject classification (UKÄ)

  • Other Electrical Engineering, Electronic Engineering, Information Engineering

Free keywords

  • cloud computing infrastructure, security, trust

