Home > Cloud Computing, Cloud Security, Compliance, Information Security, Virtualization, Virtualization Security > NIST’s Trusted Geolocation in the Cloud: PoC Implementation

NIST’s Trusted Geolocation in the Cloud: PoC Implementation

December 22nd, 2012 Leave a comment Go to comments

I was very interested and excited to learn what NIST researchers and staff had come up with when I saw the notification of the “Draft Interagency Report 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation.”

It turns out that this report is an iteration on the PoC previously created by VMware, Intel and RSA back in 2010 which utilized Intel’s TXT, VMWare’s virtualization platform and the RSA/Archer GRC platform, as this one does.

I haven’t spent much time to look at the differences, but I’m hoping as I read through it that we’ve made progress…

You can read about the original PoC here, and watch a video from 2010 about it here.  Then you can read about it again in its current iteration, here (PDF.)

I wrote about this topic back in 2009 and still don’t have a good firm answer to the question I asked in 2009 in a blog titled “Quick Question: Any Public Cloud Providers Using Intel TXT?” and the follow-on “More On High Assurance (via TPM) Cloud Environments

At CloudConnect 2011 I also filmed a session with the Intel/RSA/VMware folks titled “More On Cloud and Hardware Root Of Trust: Trusting Cloud Services with Intel® TXT

I think this is really interesting stuff and a valuable security and compliance capability, but is apparently still hampered with practical deployment challenges.

I’m also confused as to why RSA employees were not appropriately attributed under the NIST banner and this is very much a product-specific/vendor-specific set of solutions…I’m not sure I’ve ever seen a NIST-branded report like this.

At any rate, I am interested to see if we will get to the point where these solutions will have more heterogeneous uptake across platforms.

/Hoff

Enhanced by Zemanta
  1. Rob Polansky
    January 8th, 2013 at 09:20 | #1

    I believe three of the listed authors were RSA employees who assisted with the project. I do not know why their affiliations were not listed.

    • beaker
      January 8th, 2013 at 22:38 | #2

      Hey Rob…I certainly know that (what caught my eye first was Erin’s name) — but it’s weird how this was written. I haven’t spent the time to go back and assess the differences between this and the previous work. Any highlights?

  2. Rob Polansky
    January 9th, 2013 at 12:38 | #3

    I’d point out the use of PowerCLI read information from the vSphere API and deposits it for the Archer Data Feed Manager as opposed to a standalone service that pulled the data and interacted with Archer’s Web Services. This is now more aligned with RSA Solution for Cloud Compliance. The NIST project also utilized Intel software for comparing measurements stored in the PCRs against known good values instead of storing it in Archer.

  1. No trackbacks yet.