Cloud computing provides many benefits including convenience, consolidation, compatibility, and cost-reduction. However, security is a major concern, since cloud resources are shared with other users who may be adversarial. The goal of this research is to define a framework for security-on-demand: cloud customers can request the security they need and cloud providers can map these security requests to the appropriate secure servers. Since customers have different security needs, a range of threat models is explored together with servers with different security capabilities. Research contributions include (1) new strategies for measuring cloud server security capabilities, and (2) new hardware-software mechanisms for collecting runtime trust evidence that a server is enforcing a customer's requested security policy. (3) Secure protocols are designed for collecting and reporting server security capabilities to cloud management software, as well as (4) a hardware-software security verification methodology to verify these protocols, using model checking and other tools. (5) Novel actionable models of cloud servers? security properties that can be matched to customers' requests are implemented by new trust monitoring and policy enforcement modules. Also, (6) hardware mechanisms and migration protocols for secure Virtual Machine migration to improve cloud security are designed. The broader impact of this work includes providing greater security in cloud computing for customers, allowing cloud providers to differentiate their offerings with security provisioning using different secure server architectures, enabling the specification and provisioning of customized and verifiable security, and providing a research platform for investigating secure hardware and software architecture in a cloud environment.
