WP 3 Core Certification Mechanisms
The overall aim of this work package will be to design and implement the mechanisms required for generating CUMULUS certificates within cloud infrastructures. CUMULUS assumes that a certificate for a given security property SP may be generated through a combination of three types of evidence (also known as sources of trust): (a) test data regarding the component that is to be certified, (b) monitoring data regarding the component that is to be certified, and/or (c) other certificates that may have been generated for other properties of the component of interest, or for other components that contribute to its implementation and on which SP depends (i.e., constituent components that provide part of the component's functionality, or cloud infrastructure elements that provide some infrastructure service to it, such as messaging, persistent storage management and the like). Consequently, it is envisaged that, in order to reason about and maintain these forms of evidence as part of a cloud certification process, the following mechanisms will be necessary:
- Testing mechanisms covering all layers in the cloud stack
- Monitoring mechanisms covering all layers in the cloud stack
- Mechanisms for generating certificates based on Trusted Computing proofs
- Mechanisms for combining certificates
The design of these mechanisms will be informed by the CUMULUS certification models and processes that will be developed in work package WP2.
Description of work and role of partners
Task 3.1 – Testing mechanisms for cloud service certificates [Leader: UMIL] (M1 – M24): This task will focus on the development of mechanisms suitable for testing cloud-based services and applications. These mechanisms will be driven by the certification processes and models that require testing (as specified in WP2) and, depending on these processes, may need to cover different layers of the cloud stack. The developed mechanisms will also support incremental testing in the cloud. Task 3.1 will consider existing mechanisms for software and service testing and, where possible, will build on them to provide a solution that fits the certification requirements for cloud services.
Task 3.2 – Monitoring mechanisms for cloud service certificates [Leader: CITY] (M1 – M24): This task will focus on the development of mechanisms for monitoring cloud services. These mechanisms will be driven by the certification models and processes that require monitoring (as specified in WP2) and, depending on these processes, may need to cover different layers of the cloud stack. The monitoring mechanisms developed in this task should be able to generate generalised descriptions of the monitoring conditions under which a given set of properties is or is not satisfied. These properties may need to be certified for the first time, or may already have been certified by other means (e.g. offline testing in the cloud) but should also be verified operationally under real cloud deployment conditions. This capability will be important for enabling the composability and verifiability analysis described in Task 3.4 below. We expect that the monitoring mechanisms of the CUMULUS framework will be developed through the integration and customisation of generic monitoring systems for cloud SaaS services (e.g. EVEREST) and monitors for cloud infrastructures (e.g. Ganglia).
Task 3.3 – Mechanisms for CUMULUS certificates based on Trusted Computing [Leader: UMA] (M1 – M24): This task will focus on defining mechanisms that allow CUMULUS certificates to refer to runtime-verifiable conditions based on the use of Trusted Platform Modules (TPM). The main goal is to enhance current software certification models by enabling them to depend on conditions that can be dynamically verified using Trusted Computing technologies. In this way CUMULUS certificates can contain conditions that refer to the actual state of the platform configuration at the moment of use of the certificate, as opposed to current certifications, which can only refer to conditions verified at the moment of production of the certificate. This enhancement is especially important in very dynamic scenarios like Cloud Computing, in which the runtime conditions are very difficult to ensure by other means. Coupled with the CUMULUS capabilities for multi-layer certification (task T3.4) and monitoring (task T3.2), this feature enables a high degree of continuous assurance for cloud services and applications.
Task 3.4 – Mechanisms for incremental and hybrid certificates [Leader: CITY] (M15 – M32): This task will focus on the development of mechanisms for verifying certificates in the light of continuous evidence regarding the operation of services within clouds (incremental certification) and for generating certificates through the composition of different types of evidence and properties (hybrid and multi-layer certification). The mechanisms will be based on, and realise, the certification models defined in Task 2.6. The task will also introduce any amendments to the core testing, monitoring and trusted computing mechanisms that are necessary for incremental and hybrid certification.
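As an added illustration (not code from the CUMULUS project or any of its partners), the following Python sketches the two ideas from Tasks 3.3 and 3.4 together: a certificate that carries a runtime-verifiable condition expressed as expected TPM PCR values, checked against a fresh quote at the moment of use, and a certificate whose property depends on another certificate (here, a storage-confidentiality certificate that depends on a platform-integrity certificate for the infrastructure beneath it). The TPM is simulated in the standard library (PCR extension is H(PCR || H(measurement)), as in TPM2_PCR_Extend), an HMAC stands in for the attestation-key signature on the quote, and the certificate identifiers, property names and measurements are all constructed for the example. The point to take from it is that the expected values are checked against a quote bound to the verifier's own nonce, so a stale or replayed quote fails regardless of what it reports.

```python
"""Checking a certificate whose conditions refer to current TPM platform state.

Added example: simulated TPM (PCR extend + quote), certificates with expected
PCR values and dependencies on other certificates, and a verifier.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Hypothetical key shared by the simulated TPM and the verifier. A real TPM
# signs quotes with an asymmetric attestation key; HMAC is a stand-in so the
# example runs without a TPM or a third-party crypto library.
ATTESTATION_KEY = b"example-attestation-key"


def _quote_message(nonce: bytes, pcrs: dict) -> bytes:
    # Canonical byte string covered by the quote: nonce + ordered PCR values.
    return nonce + b"".join(b"%d:" % i + pcrs[i] for i in sorted(pcrs))


class SimulatedTPM:
    """Minimal model of a TPM's SHA-256 PCR bank."""

    def __init__(self, num_pcrs: int = 8) -> None:
        self.pcrs = [bytes(32)] * num_pcrs  # PCRs start at all zeros

    def extend(self, index: int, measurement: bytes) -> bytes:
        # TPM2_PCR_Extend: PCR[i] = H(PCR[i] || H(measurement))
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def quote(self, selection: list, nonce: bytes) -> dict:
        # TPM2_Quote: sign (verifier nonce, selected PCR values) for freshness
        values = {i: self.pcrs[i] for i in selection}
        tag = hmac.new(ATTESTATION_KEY, _quote_message(nonce, values),
                       hashlib.sha256).digest()
        return {"nonce": nonce, "pcrs": values, "signature": tag}


@dataclass
class Certificate:
    cert_id: str
    security_property: str
    expected_pcrs: dict                         # runtime condition: {index: value}
    depends_on: list = field(default_factory=list)  # ids of certificates SP needs


def verify_quote(quote: dict, nonce: bytes) -> bool:
    """A quote is usable only if it carries our nonce and a valid signature."""
    if quote["nonce"] != nonce:
        return False
    tag = hmac.new(ATTESTATION_KEY, _quote_message(nonce, quote["pcrs"]),
                   hashlib.sha256).digest()
    return hmac.compare_digest(tag, quote["signature"])


def check_certificate(cert_id: str, store: dict, quote: dict, nonce: bytes,
                      path: tuple = ()) -> list:
    """Return [] if the certificate holds for the quoted state, else the failures.

    Expected PCR values are compared with the fresh quote; certificates the
    property depends on are checked recursively (cycles are reported).
    """
    if cert_id in path:
        return [f"{cert_id}: circular dependency"]
    cert = store.get(cert_id)
    if cert is None:
        return [f"{cert_id}: certificate not found"]
    if not verify_quote(quote, nonce):
        return [f"{cert_id}: quote is stale or its signature is invalid"]
    failures = []
    for index, expected in cert.expected_pcrs.items():
        if quote["pcrs"].get(index) != expected:
            failures.append(f"{cert_id}: PCR{index} does not match expected state")
    for dep in cert.depends_on:
        failures.extend(check_certificate(dep, store, quote, nonce, path + (cert_id,)))
    return failures


def golden_pcrs(measurements: dict) -> dict:
    """Expected PCR values for a known-good measurement sequence per PCR."""
    tpm = SimulatedTPM()
    for index, chain in measurements.items():
        for m in chain:
            tpm.extend(index, m)
    return {i: tpm.pcrs[i] for i in measurements}


# Constructed sample measurements (not taken from any real platform).
GOOD_BOOT = {0: [b"firmware v1.2", b"bootloader 3.0"], 4: [b"hypervisor 2.1"]}
GOOD_SERVICE = {7: [b"storage-service image sha256:abc"]}


def build_store() -> dict:
    """Two constructed certificates: the storage one depends on platform integrity."""
    return {
        "cert-infra-integrity": Certificate(
            "cert-infra-integrity", "platform-integrity", golden_pcrs(GOOD_BOOT)),
        "cert-storage-confidentiality": Certificate(
            "cert-storage-confidentiality", "data-at-rest-confidentiality",
            golden_pcrs(GOOD_SERVICE), depends_on=["cert-infra-integrity"]),
    }


def run_scenario(tamper: bool = False, replay: bool = False) -> list:
    """Measure a platform into the simulated TPM, quote it, check the storage cert."""
    tpm = SimulatedTPM()
    hypervisor = [b"hypervisor 2.1-modified"] if tamper else GOOD_BOOT[4]
    for index, chain in {0: GOOD_BOOT[0], 4: hypervisor, **GOOD_SERVICE}.items():
        for m in chain:
            tpm.extend(index, m)
    nonce = os.urandom(16)
    quote = tpm.quote([0, 4, 7], b"old-nonce" if replay else nonce)
    return check_certificate("cert-storage-confidentiality", build_store(), quote, nonce)


if __name__ == "__main__":
    print("good platform :", run_scenario() or "certificate holds")
    print("tampered PCR4 :", run_scenario(tamper=True))
    print("replayed quote:", run_scenario(replay=True))
```

In the tampered run only the dependency fails (the storage service's own PCR still matches), which is exactly the case multi-layer certification is meant to surface: the service-level property cannot be asserted when the infrastructure certificate it rests on no longer holds. Any real deployment would also bind the attestation key to a known TPM (endorsement/attestation key provisioning) and check the quote's PCR selection and time-to-live, which the simulation leaves out.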