Recipe - Verifiable Integrity of Virtual Systems

This recipe includes a packaged version of the TRAVIS primitive, which makes use of a well-known TPM function to make a claim about certain properties of a target system by supplying evidence to an appraiser over a network.

In our specific case, the client (appraiser) has outsourced the execution of a business service or application to a Cloud Service Provider (CSP) and needs to verify, at any point in time, that the state of the CSP platform (target) where the business service/application is running remains as expected. Moreover, the client demands evidence of this unchanged state, i.e. evidence of the integrity of the remote virtual platform, and expects to be able to verify it without interference from the CSP.

The primitive provides the following functionalities:

  • continuous verification of the integrity of the outsourced business services/applications and the underlying infrastructure,
  • monitoring of and reporting on integrity aspects in Cloud Services Agreements.

The TRAVIS Recipe provides detailed instructions and scripts to support its correct deployment and configuration in a virtual environment. Additionally, the Recipe includes a testing infrastructure that uses Vagrant to automatically deploy and configure test VMs equipped with TRAVIS agents. Several parameters of this testing infrastructure can be configured, allowing for a complete performance evaluation.