1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to security of cloud computing environments.
2. Description of the Background Art
Virtual machines, in general, are well known in the art of computer science. Generally speaking, a virtual machine is a software implementation of a machine (i.e., a computer) that executes programs like a physical machine. Multiple virtual machines may run on a single computer hardware platform, which is also referred to as “host machine.” Although the virtual machines run in the same host machine, each virtual machine has its own operating system and application programs, and functions as a computing environment separate from the host machine and the other virtual machines.
Cloud computing refers to services, storage, processing, and other computing tasks performed over a computer network using distant server computers. Cloud computing provides computational resources to an end-user without the end-user setting up his own computing infrastructure. Examples of public cloud service providers include Amazon Web Services™, Rackspace™, and GoGrid™. OpenStack™ is an example open software initiative for building public and private cloud computing environments.
Public cloud computing allows for utility-model pricing. That is, the user typically pays only for what he uses. To facilitate setup and use of a cloud computing service, cloud service providers either offer pre-built virtual machine images themselves or offer a marketplace where a third party can sell or give pre-built virtual machine images to users. A virtual machine image comprises a data file that stores all information, including operating system, application programs, etc., required to startup one or more simultaneous and active virtual machines. The licensing aspects of using virtual machine images (e.g., those with Microsoft Windows™ software) may be built into the pricing of the virtual machine images, and some cloud service providers have worked out agreements with some software vendors.
A virtual machine image, which also referred to simply as “machine image”, may include an operating system and other software for providing services in the cloud computing environment. A problem for customers when taking advantage of pre-built virtual machine images has to do with trust. That is, the customer does not know whether or not the virtual machine images are free of malware, such as computer viruses, Trojans, spyware, and other malicious codes. To make matters worse, malware writers may perform actions to artificially increase the reputation of a virus-infected virtual machine image to make the machine image more attractive to end-users.