sesa 19(20): e3

Research Article

Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log

  • @ARTICLE{10.4108/eai.13-7-2018.162290,
        author={Anyi Liu and Selena Haidar and Yuan Cheng and Yingjiu Li},
        title={Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={6},
        number={20},
        publisher={EAI},
        journal_a={SESA},
        year={2019},
        month={4},
        keywords={homomorphic encryption, finite state automaton, virtual machine, container.},
        doi={10.4108/eai.13-7-2018.162290}
    }
    
Anyi Liu¹*, Selena Haidar¹, Yuan Cheng², Yingjiu Li³
  • 1: Department of Computer Science and Engineering, Oakland University, 2200 N. Squirrel Road Rochester, MI 48309, USA
  • 2: Department of Computer Science, California State University, Sacramento, 6000 J Street, Sacramento, CA 95819, USA
  • 3: Singapore Management University, 81 Victoria Street, 188065, Singapore
*Contact email: anyiliu@oakland.edu

Abstract

Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible to various exploits. In this paper, we present VERDICT, a system that amplifies the capability of existing cloud audit services and allows users to check the state of a cloud job through a confidential model and audit log. VERDICT extracts the model from an application and keeps it in encrypted form. The encrypted model is partitioned and updated with a homomorphic encryption cipher in multiple sandboxes. Cloud users can check the state of a delegated job at any time. We implement VERDICT and deploy it in VMs and containers on popular cloud platforms. Our evaluation shows that VERDICT is capable of reporting the state of a cloud job at run time, keeping the model confidential, and detecting malicious operations.