Nowadays, critical infrastructures are managed through paradigms such as cloud/fog/edge computing and Network Function Virtualization (NFV), providing advantages as flexibility, availability, and reduced management costs. These paradigms introduce several advantages but – given their nature of physically distributed systems – leave room for various security threats, such as software integrity attacks. To counter these threats, Trusted Computing and Remote Attestation (RA) techniques can be used, to allow a third party (Verifier) to verify the software and configuration integrity of a platform (Attester). In environments composed of different objects, several RA frameworks (hardware-based, software-based, or hybrid) might need to be deployed, depending on the capabilities of the attested elements. To ease this process, we propose a new design and implementation of our Trust Monitor (TM) architecture, which implements the Trust Manager specified by ETSI for NFV environments, making it more flexible and usable in different contexts. In addition, we define a generic model for performing RA in heterogeneous environments by employing various RA technologies. More specifically, the extended TM allows flexible RA in hybrid infrastructures composed of different objects, i.e., physical nodes, virtual machines, containers, pods, and enclaves. Through tests performed in an experimental testbed, we show that the proposed implementation is scalable and usable in heterogeneous contexts.

A Flexible Trust Manager for Remote Attestation in Heterogeneous Critical Infrastructures / Bravi, Enrico; Berbecaru, Diana; Lioy, Antonio. - (2023), pp. 91-98. (Intervento presentato al convegno IEEE CloudCom2023: 14th IEEE International Conference on Cloud Computing Technology and Science‍ tenutosi a Naples (ITA) nel 4-6 December 2023) [10.1109/CloudCom59040.2023.00027].

A Flexible Trust Manager for Remote Attestation in Heterogeneous Critical Infrastructures

Bravi, Enrico;Berbecaru, Diana;Lioy, Antonio
2023

Abstract

Nowadays, critical infrastructures are managed through paradigms such as cloud/fog/edge computing and Network Function Virtualization (NFV), providing advantages as flexibility, availability, and reduced management costs. These paradigms introduce several advantages but – given their nature of physically distributed systems – leave room for various security threats, such as software integrity attacks. To counter these threats, Trusted Computing and Remote Attestation (RA) techniques can be used, to allow a third party (Verifier) to verify the software and configuration integrity of a platform (Attester). In environments composed of different objects, several RA frameworks (hardware-based, software-based, or hybrid) might need to be deployed, depending on the capabilities of the attested elements. To ease this process, we propose a new design and implementation of our Trust Monitor (TM) architecture, which implements the Trust Manager specified by ETSI for NFV environments, making it more flexible and usable in different contexts. In addition, we define a generic model for performing RA in heterogeneous environments by employing various RA technologies. More specifically, the extended TM allows flexible RA in hybrid infrastructures composed of different objects, i.e., physical nodes, virtual machines, containers, pods, and enclaves. Through tests performed in an experimental testbed, we show that the proposed implementation is scalable and usable in heterogeneous contexts.
2023
979-8-3503-3982-6
File in questo prodotto:
File Dimensione Formato  
2023279719.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 691.91 kB
Formato Adobe PDF
691.91 kB Adobe PDF Visualizza/Apri
A_Flexible_Trust_Manager_for_Remote_Attestation_in_Heterogeneous_Critical_Infrastructures.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 1.42 MB
Formato Adobe PDF
1.42 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2982766