Protection of Non-Volatile Data in IaaS-environments
Linköping University, Department of Computer and Information Science.
2014 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

Infrastructure-as-a-Service (IaaS) cloud solutions continue to experience growth, but many enterprises and organizations are of the opinion that cloud adoption has decreased security in several aspects. This thesis addresses protection of IaaS-environment non-volatile data. A risk analysis is conducted, using the CORAS method, to identify and evaluate risks, and to propose treatments to those risks considered non-acceptable. The complex and distributed nature of an IaaS deployment is investigated to identify different approaches to data protection using encryption in combination with Trusted Computing principles. Additionally, the outcome of the risk analysis is used to decide the advantages and/or drawbacks of the different approaches; encryption on the storage host, on the compute host or inside the virtual machine. As a result of this thesis, encryption on the compute host is decided to be most beneficial due to minimal needs for trust, minimal data exposure and key management aspects. At the same time, a high grade of automation can be obtained, retaining usability for cloud consumers without any specific security knowledge. A revisited risk analysis shows that both non-acceptable and acceptable risks are mitigated and partly eliminated, but leaves virtual machine security as an important topic for further research. Along with the risk analysis and treatment proposal, this thesis provides a proof-of-concept implementation using encryption and Trusted Computing on the compute host to protect block storage data in an OpenStack environment. The implementation directly follows the Domain-Based Storage Protection (DBSP) protocol, invented by Ericsson Research and SICS, for key management and attestation of involved hosts.

Place, publisher, year, edition, pages
2014. , 78 p.
Keyword [en]
IaaS, security, risk analysis
National Category
Computer and Information Science
URN: urn:nbn:se:liu:diva-112954
ISRN: LIU-IDA/LITH-EX-A--14/062--SE
OAI: diva2:780110
Subject / course
Computer and information science at the Institute of Technology
Available from: 2015-01-15 Created: 2015-01-02 Last updated: 2015-01-15 Bibliographically approved

Open Access in DiVA

fulltext (1642 kB), 197 downloads
File information
File name: FULLTEXT01.pdf
File size: 1642 kB
Checksum SHA-512
Type: fulltext
Mimetype: application/pdf
