Trusted Geolocation in the Cloud

Current Status

This project is currently seeking technology vendors and service providers to participate in the development of multiple implementations. Please see our Federal Register notice for more information. This was published on May 11, 2017 and will be open for 30 days.

Download the Trusted Geolocation in the Cloud project description (PDF) for full project details.

Building on the work done within NIST IR 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation, this project will expand upon the security capabilities provided by trusted compute pools and expand the build to include:

  • Data Protection and Encryption Key Management Enforcement Based on Trust-Based and Geolocation-Based Homogeneous Secure Migration within a Single Cloud Platform
  • Persistent Data Flow Segmentation Before and After the Trust-Based and Geolocation-Based Homogeneous Secure Migration within a Single Cloud Platform
  • Industry Sector Compliance Enforcement for Regulated Workloads Before and After the Trust-Based and Geolocation-Based Homogeneous Secure Migration
  • Trust-Based and Geolocation-Based Homogeneous and Policy Enforcement in a Secure Cloud Bursting across Two Cloud Platforms

These additional capabilities will not only provide assurance that workloads in the cloud are running on trusted hardware and in a trusted geolocation, but also improve the protections for the data in the workloads and the data flowing between workloads. A further goal of the build is to extend all of these capabilities into a hybrid cloud scenario.

If you have any questions or suggestions or interest in collaborating in this project, please email the team at trusted-cloud-nccoe@nist.gov.

Summary

While cloud computing offers businesses and other organizations cost savings and flexibility, these shared resources can introduce security and privacy challenges. 

Enterprises that use cloud services want to be assured that:

  • the cloud compute platform hosting their workload has not been modified or tampered with
  • sensitive workloads on a multi-tenancy cloud platform are isolated within a logically defined environment from the workloads of competing companies
  • workload migration occurs only between trusted clusters and within trusted data centers
  • cloud servers are located in their preferred regions or home countries so that the cloud provider is subject to the same data security and privacy laws

Unfortunately, traditional geolocation, the process of asserting the integrity of the cloud compute hardware and enforcing the physical location of an object, is based on operational security controls. That method is not secure and does not lend itself to the automation and scaling of a cloud computing platform.

To meet these business needs and help accelerate the adoption of cost-saving cloud technologies, the NCCoE collaborated with Intel, RSA, and HyTrust on NIST Interagency Report 7904. This automated “hardware root of trust” determines the integrity of the compute hardware and restricts the workloads to cloud servers within a location. The hardware root of trust is a tamper-proof combination of hardware and firmware—deployed by a cloud service provider, business or organization using cloud services—with a unique identifier for the cloud server host and metadata about the server platform. Using secure protocols, a business can access this information to find out if the platform is still as it was when first deployed, determine the location of the cloud server, and enforce geolocation-based restrictions.

This project relies on trusted compute pools: segregated portions of the cloud with security requirements that match the value and sensitivity of the workloads they contain. With NIST IR 7904, we have demonstrated the use of RSA Archer commercial enterprise and risk management solutions and dashboard reporting to assess these pools, or compute nodes, by measuring them at launch time, monitoring them continuously, and determining their physical location and levels of compliance.
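The two paragraphs above describe the mechanism in outline: a platform reports launch-time measurements and a location tag under a hardware root of trust, a verifier checks that report, and the orchestrator only places or migrates a workload onto hosts that are both untampered and in an allowed geolocation. The following is an added illustration of that decision logic, not code from NIST IR 7904, Intel, RSA or HyTrust. It is a simplification: the golden measurements, the host keys and every report are constructed inline, and an HMAC over the report stands in for the signed TPM quote a real attestation protocol would use; the verifier-chosen nonce models the freshness check such protocols need so an old "good" report cannot be replayed.

```python
"""Added example: trusted-compute-pool placement and migration decisions.

Everything below is constructed for illustration (hypothetical hosts, keys,
measurements and policy); it is not the NCCoE build's own code.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, asdict

# Constructed golden measurements: what an untampered platform should report.
# In a deployment these come from the vendor / attestation service, not from code.
GOLDEN_MEASUREMENTS = {
    "bios": hashlib.sha256(b"constructed-bios-image").hexdigest(),
    "hypervisor": hashlib.sha256(b"constructed-hypervisor-image").hexdigest(),
}

# Constructed per-host keys standing in for each platform's attestation identity key.
HOST_KEYS = {
    "host-a": b"constructed-key-host-a",
    "host-b": b"constructed-key-host-b",
    "host-c": b"constructed-key-host-c",
}


@dataclass
class HostReport:
    host_id: str
    measurements: dict      # component -> hex digest measured at launch
    geotag: str             # location asserted by the platform, e.g. "US-East"
    nonce: str              # verifier-chosen freshness value echoed back
    signature: str = ""     # MAC over the other fields (stands in for a TPM quote)

    def payload(self) -> bytes:
        body = {k: v for k, v in asdict(self).items() if k != "signature"}
        return json.dumps(body, sort_keys=True).encode()


def sign_report(report: HostReport, key: bytes) -> HostReport:
    """What the platform side does: bind measurements, geotag and nonce together."""
    report.signature = hmac.new(key, report.payload(), hashlib.sha256).hexdigest()
    return report


def verify_report(report: HostReport, expected_nonce: str) -> bool:
    """Verifier side: report must be fresh and signed by the key we hold for that host."""
    key = HOST_KEYS.get(report.host_id)
    if key is None or report.nonce != expected_nonce:
        return False
    expected = hmac.new(key, report.payload(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report.signature)


def measurements_match(report: HostReport) -> bool:
    """Every required component must match its golden value (extra components are ignored)."""
    return all(
        hmac.compare_digest(report.measurements.get(comp, ""), digest)
        for comp, digest in GOLDEN_MEASUREMENTS.items()
    )


@dataclass(frozen=True)
class PlacementPolicy:
    workload: str
    allowed_geotags: frozenset   # geolocations this workload may run in


def placement_decision(report: HostReport, policy: PlacementPolicy, nonce: str):
    """Return (allowed, reason); trust is checked before location so a forged geotag never helps."""
    if not verify_report(report, nonce):
        return False, "attestation report invalid or stale"
    if not measurements_match(report):
        return False, "launch measurements differ from golden values"
    if report.geotag not in policy.allowed_geotags:
        return False, f"geotag {report.geotag} not permitted for {policy.workload}"
    return True, "host trusted and in an allowed geolocation"


def migration_decision(src: HostReport, dst: HostReport, policy: PlacementPolicy, nonce: str):
    """Migration is allowed only when both ends pass the same placement check."""
    for label, rep in (("source", src), ("destination", dst)):
        ok, why = placement_decision(rep, policy, nonce)
        if not ok:
            return False, f"{label}: {why}"
    return True, "both hosts trusted; migration stays within allowed geolocations"


def demo() -> dict:
    """Constructed scenarios: a clean host, a tampered hypervisor, a host abroad, a forged geotag."""
    nonce = secrets.token_hex(8)
    policy = PlacementPolicy("payroll", frozenset({"US-East", "US-West"}))
    good = sign_report(HostReport("host-a", dict(GOLDEN_MEASUREMENTS), "US-East", nonce), HOST_KEYS["host-a"])
    changed = dict(GOLDEN_MEASUREMENTS, hypervisor=hashlib.sha256(b"modified-hypervisor").hexdigest())
    tampered = sign_report(HostReport("host-b", changed, "US-East", nonce), HOST_KEYS["host-b"])
    abroad = sign_report(HostReport("host-c", dict(GOLDEN_MEASUREMENTS), "EU-West", nonce), HOST_KEYS["host-c"])
    forged = sign_report(HostReport("host-c", dict(GOLDEN_MEASUREMENTS), "EU-West", nonce), HOST_KEYS["host-c"])
    forged.geotag = "US-East"   # relabelled after signing, so the MAC no longer covers it
    return {
        "good": placement_decision(good, policy, nonce),
        "tampered": placement_decision(tampered, policy, nonce),
        "abroad": placement_decision(abroad, policy, nonce),
        "forged": placement_decision(forged, policy, nonce),
        "replayed": placement_decision(good, policy, secrets.token_hex(8)),
        "migrate_good_to_abroad": migration_decision(good, abroad, policy, nonce),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:>22}: {'ALLOW' if ok else 'DENY '}  ({why})")
```

The ordering inside `placement_decision` is the point worth keeping when adapting this: signature and freshness first, measurements second, geolocation last, so a host that is out of policy on integrity is never admitted on the strength of a location claim, and a location claim is only believed once it is bound to a report the hardware root of trust has signed.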