Extending trusted clouds to create trusted services
Session Block—Privacy Engineering
09 Sep 2019 11:00 AM - 11:20 AM (UTC)
Transforming Privacy Law into Practice | 9-10 September | University of Oxford | events@oasis-open.org

Trusted Cloud Computing (TCC), though still in its infancy, is a requirement for a significant number of IT consumers who have not yet transitioned to cloud computing services because of concerns about cybersecurity. Despite the advantages of migrating to the cloud, the key issue they face is one of trust. To utilise the cloud in its current form, the consumer must completely trust their cloud provider. In addition, although one of the core benefits of Cloud Computing is scalability, this benefit does not translate to cloud security, as most security solutions do not scale across the boundaries of a single data centre or platform.


This lack of scalability in security solutions, and hence lack of trust, restricts full deployment of Cloud Computing in mission-critical applications such as the Energy, Finance and Health sectors, as well as for core business within other sensitive organisations. Building on an earlier work (Porridge), we present a framework that integrates several Trusted Cloud solutions and provides scalable security solutions across multiple cloud deployment types including, for the first time, public cloud.


Porridge (a TCC solution) is a distributed attestation service that aims to provide a resilient attestation service through the provision of redundant workers, even as multiple attestation workers are deployed. Porridge relies on flexible vTPM/TPM bindings, where the root of trust is bound not to the underlying host's TPM but to its workers. Cyberhive Gatekeeper allows services to be accessed only via a trusted and secured Virtual Private Network (VPN) gateway. Using Cyberhive ensures that no single security lapse can result in a loss of service. This service provides encryption for services deployed over the cloud infrastructure. Cyberhive requires the TC components provided by Porridge to provide real-time, constant attestation of service state.

Outline of Presentation:

  • Porridge - Cyberhive 
  • Encrypt Cloud 
  • Trusted VPN 
  • Central Gov 
  • Flow Diagram of 365