
The Role of Trusted Infrastructure in Application Deployment
While there is much talk about how to secure data and systems in cloud computing, many gaps remain in implementing such security. As users of any physical security system can attest, it takes just one unsecured door or window to give an intruder easy access and cause the loss of valued property. With data in the cloud, the situation is clearly worse: cloud users can have their data stolen by more than one intruder, and the cost of a security breach can easily run into millions of dollars, far more than most thieves could steal in hardware.
The root problem of cloud security is users' inability to verify the trusted computing base directly. In the cloud, users can either verify the infrastructure to establish trust before adopting cloud services, or simply trust it from the outset and hope for the best. The latter approach is not recommended. The recommended process of initial verification involves standards, research and certification. Deeper verification involves integrity measurement and remote attestation of the elements of the cloud computing base.
Using legacy applications in the shared IT environment of cloud computing requires replacing physical boundaries with virtual ones. This is the infrastructure consolidation challenge for cloud users and providers. Today, most products and existing standards address specific devices or specific functionality within the overall end-to-end process. While many standards and products contribute to solving portions of the problem, no comprehensive framework exists to describe the needs of various businesses and validate the compliance of the entire solution. As applications migrate into the cloud and the service-oriented elements of composite applications are hosted on infrastructure that is shared with other tenants and potentially provided by multiple providers, the integrity of the overall composite application depends on establishing a trust domain that describes a coherent policy for the infrastructure services that become part of the application domain.
Trusted Multi-Tenant Infrastructure
Trusted Computing Group experts have determined that, in a Trusted Multi-Tenant Infrastructure, potential users are looking for protection of processing and of information in motion and at rest, as well as the ability to share physical platforms among tenant domain elements or shared services. In addition, users want visibility and auditability of actions across the enterprise. This imposes a few constraints on the solution.
The trusted multi-tenant solution is being developed by the Trusted Computing Group, whose membership consists of over 100 key innovation providers of hardware, software and services, as well as several security-conscious users. TCG has developed several specifications to establish and improve trust within organizations. The initial specification defined the Trusted Platform Module, or TPM: a hardware root of trust for the computing platform. Today, TPM 1.2 is an ISO standard.
TCG specifications also define a chain-of-trust architecture that enables attestation of trusted platform properties. Figure 1 shows a visual example of the various TCG standards that have been established for trusted systems. One missing element, especially relevant for cloud computing, is a reference model that brings these existing standards together.
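The integrity measurement and remote attestation step mentioned above, as an added example that is not from the article or from TCG: a Python sketch that simulates TPM-style PCR extend over a constructed boot event log and applies the two checks a verifier performs on a quoted PCR set. The signature a real TPM places over the quote is assumed to have been checked already; all event data here is constructed.

```python
import hashlib

# Constructed event log for one platform: (PCR index, description, measured bytes).
# A real TCG event log carries digests of firmware, bootloader and kernel; these are stand-ins.
CONSTRUCTED_EVENT_LOG = [
    (0, "firmware", b"constructed-firmware-image-v1"),
    (4, "bootloader", b"constructed-bootloader-v2"),
    (4, "kernel", b"constructed-kernel-5.x"),
]


def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(measurement)). One-way and order-sensitive."""
    return hashlib.sha256(pcr_value + hashlib.sha256(measurement).digest()).digest()


def replay_log(event_log):
    """Replay an event log from all-zero PCRs, as a verifier does, to get expected PCR values."""
    pcrs = {}
    for index, _description, data in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(32)), data)
    return pcrs


def verify_attestation(reported_pcrs, event_log, golden_pcrs):
    """Two checks a relying party makes on a (signature-verified) PCR quote.

    1. The event log replays to the reported PCRs: the log was not edited after the fact.
    2. The reported PCRs match a known-good reference: the platform ran the expected code.
    Returns (ok, reason) so the caller can log why trust was or was not established.
    """
    expected = replay_log(event_log)
    for index, value in reported_pcrs.items():
        if expected.get(index) != value:
            return False, f"PCR{index}: event log does not replay to quoted value"
    for index, value in golden_pcrs.items():
        if reported_pcrs.get(index) != value:
            return False, f"PCR{index}: quoted value differs from known-good reference"
    return True, "platform state matches reference"


if __name__ == "__main__":
    golden = replay_log(CONSTRUCTED_EVENT_LOG)          # reference values from a trusted build
    print(verify_attestation(golden, CONSTRUCTED_EVENT_LOG, golden))
    # A platform that booted a different kernel produces a consistent log but the wrong PCR4.
    tampered = CONSTRUCTED_EVENT_LOG[:2] + [(4, "kernel", b"constructed-kernel-modified")]
    print(verify_attestation(replay_log(tampered), tampered, golden))
```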
The missing piece
To address the missing piece and close the gap, TCG is describing the overall framework for integrated Trusted Multi-Tenant Infrastructure solutions. Its Trusted Multi-Tenant Infrastructure solution-oriented work group focuses on business or mission outcomes, using the output of TCG's technical work groups. The intent is to produce a logical reference model consisting of elements, interfaces, use cases, standards alignment and gaps, as well as compliance validation. This open model will be used by TMI WG industry experts as a framework for building secure enterprise solutions.
With the use cases established, the next step is deriving a reference model. A logical view of the TMI reference architecture is shown in Figure 3. In this figure, the User Access Device supports connecting to one or more concurrent domains. Servers represent a federated data center of servers that can host multiple independent domains. Exchange represents the logical elements, both physical and virtual, that define cross-domain information flow rules. Storage is also federated, and the network represents devices that can transfer data from multiple domains.
Looking at Trust Differently than in the Past
According to the Ponemon Institute's Cost of a Data Breach 2010 study, the average cost of a data breach is about $3.44 million and ranges from $1.83 to $6.75 million across different regions of the world. Enterprises must weigh the cost of protecting business data, whether in the internal data center or in the cloud, just as they weigh the cost of stronger door locks or hiring security staff.
Michael Donovan is the Chief Technologist for Strategic Capabilities with HP Enterprise Services, responsible for framework implementation to support capabilities and offering development for customers across the U.S. Public Sector. His responsibilities include harvesting existing solutions for re-use and developing new capabilities to meet the complex needs of federal, state and local governments, leveraging the best of our current account and corporate capabilities and those supported by our partner ecosystem and HP Labs. He also co-chairs the Trusted Multi-Tenant Infrastructure Work Group of the Trusted Computing Group.