An Effective Auditing Scheme for Cloud Computing

In this paper, we present a novel secure auditing scheme for cloud computing systems. Several auditing schemes have been proposed for the cloud, which periodically trigger the auditing function. These schemes are designed to monitor the performance and behavior of the cloud. One major problem with these kind of schemes is that they are vulnerable to the transient attack (also known as the timed scrubbing attack). Our secure auditing scheme is able to prevent the transient attack via modification of the Linux auditing daemon - auditd, which creates attestable logs. Our scheme utilizes the System Management Mode (SMM) for integrity checks and the Trusted Platform Module (TPM) chip for attestable security. Specifically, we modify the auditing daemon protocol such that it records a hash of each audit log entry to the TPM's Platform Configuration Register (PCR), which gives us an attestable history of every command executed on the cloud server. We perform real experiments on two cloud servers and the results show that the overhead of our scheme is very small.