Trusted Computing and the Enterprise Software Ecosystem: Part 6 (of 7)

Part 6: Implications for Software Developers: Cloud Management Software

While the scope of trusted computing may seem limited to an individual computer, one might also consider the broader context of public or private data centers and cloud computing.

Among a data center's hosting options might be that of trusted hosting arrangements in which particular clients or applications are guaranteed to be hosted exclusively on platforms with measured launch environments, thus providing a significantly more robust notion of system software integrity. Such arrangements, for example, might be required by certain government contracts or by institutions dealing with highly sensitive data (e.g., financial or medical records) and industry-specific security robustness requirements.

Several challenges in this area are apparent. First is that of incorporating the notion of trust into cloud management software. Cloud management software is designed to automate the process of deploying applications on physical hosts and managing this assignment in a way that scales available resources in a seamless manner. Typical infrastructures make extensive use of virtualization to support fast software environment creation, multi-tenant hosting arrangements, application migration from one server to another, and the replication of software instances for the purpose of scaling.

Incorporating the notion of trust into cloud management software first requires managing information about which platforms employ a measured launch environment, and then including such information in resource allocation algorithms. Additionally, algorithms for migrating hosted services and for replicating services to meet dynamic scaling requirements must incorporate this information to ensure hosting services observe their advertised policy.

Another consideration is that of transparency. That is, cloud customers and auditing agencies need a way to verify compliance in a trusted hosting arrangement in some meaningful way. As part of this solution, a methodology for remote attestation of a trusted platform is needed. Fortunately, TCG has provided special mechanisms in their TPM specification to handle this problem, including the use of an Endorsement Key (EK) and Attestation Identity Keys (AIKs) to sign TPM information robustly using public key cryptography. Such features provide a set of building blocks upon which a secure remote attestation solution can be built.

One last consideration with respect to data centers is that of the measurement scheduling algorithm. To ensure continued trust, platforms must periodically renew their measured status through a static or dynamic root of trust measurement. Management software developers might consider various schemes for this (e.g., staggered rotation, random selection, event-triggered renewal) as well as developing workload migration patterns and algorithms that complement them in efficient ways.
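
The following Python example is added here and is not from the original article or from any particular cloud management product. It illustrates the resource-allocation and measurement-scheduling points above: one trust-aware gate shared by initial placement, migration and scale-out, plus a renewal queue for staggered re-measurement. The Host and Workload fields, the one-hour MAX_ATTESTATION_AGE, and the host names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional
MAX_ATTESTATION_AGE = 3600.0  # seconds; assumed policy value, not from the article

@dataclass
class Host:
    name: str
    free_vcpus: int
    measured_launch: bool            # platform employs a measured launch environment
    last_attested: Optional[float]   # epoch seconds of last verified measurement (assumed
                                     # to be set only after a signed TPM quote is checked)
@dataclass
class Workload:
    name: str
    vcpus: int
    requires_trusted: bool

def is_trusted(host: Host, now: float) -> bool:
    """Trusted only while the last verified measurement is still fresh."""
    if not host.measured_launch or host.last_attested is None:
        return False
    return 0 <= now - host.last_attested <= MAX_ATTESTATION_AGE

def place(workload: Workload, hosts: List[Host], now: float) -> Optional[Host]:
    """Single gate for placement, migration and scale-out; fails closed (None)."""
    candidates = [h for h in hosts
                  if h.free_vcpus >= workload.vcpus
                  and (not workload.requires_trusted or is_trusted(h, now))]
    if not candidates:
        return None  # never fall back to an untrusted host
    best = min(candidates, key=lambda h: (-h.free_vcpus, h.name))
    best.free_vcpus -= workload.vcpus
    return best

def renewal_queue(hosts: List[Host], now: float, lead_time: float) -> List[str]:
    """Measured-launch hosts whose status lapses within lead_time, oldest first."""
    limit = MAX_ATTESTATION_AGE - lead_time
    due = [h for h in hosts if h.measured_launch
           and (h.last_attested is None or now - h.last_attested >= limit)]
    return [h.name for h in sorted(due, key=lambda h: (h.last_attested or 0.0, h.name))]

# Constructed sample inventory (hypothetical host names), evaluated at NOW
NOW = 10_000.0
HOSTS = [
    Host("node-a", 16, True, NOW - 300),    # fresh measurement
    Host("node-b", 32, True, NOW - 7200),   # measurement expired
    Host("node-c", 64, False, None),        # no measured launch environment
    Host("node-d", 8, True, NOW - 3300),    # still fresh, but due for renewal soon
]
```

Because place() returns None when no trusted host has capacity, renewal_queue() should run with enough lead time that re-measurement finishes before trusted capacity lapses.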
