Automatic taxonomy generation: Issues and possibilities
Raghu Krishnapuram, Krishna Kummamuru
IFSA 2003
Migrating systems onto virtualized environments, such as cloud platforms, is becoming a business imperative. Such platforms offer the promise of higher resilience combined with a relatively low cost of ownership. The platforms also involve a number of challenges that hinder their adoption, and a primary concern involves security. These security concerns stem in part from vulnerabilities that underlying virtualization functionality introduces, such as the ability to capture and replay the execution state of a virtualized machine. In systems where security is paramount, HSMs (hardware security modules) are often used. HSMs provide a tamper-resistant environment for storing sensitive cryptographic material and for executing cryptographic operations using this material. HSMs may appear to be important components for enhancing the security of virtual environments; however, current implementations are not well suited for this purpose. In this paper, we describe a typical HSM solution stack based on the de facto industry standard called PKCS #11 (Public Key Cryptography Standard # 11). We explain the challenges introduced by virtualized platforms and show why the typical architectures based on PKCS #11 are not suitable for such environments. Finally, we describe an alternative IBM HSM solution called EP11 (Enterprise PKCS #11) and show how it addresses many of these challenges.
Raghu Krishnapuram, Krishna Kummamuru
IFSA 2003
Pradip Bose
VTS 1998
Raymond F. Boyce, Donald D. Chamberlin, et al.
CACM
Limin Hu
IEEE/ACM Transactions on Networking