A platform trust policy is a security assurance policy for a platform, such as its secure launch control policy, restricting applications to only execute on platforms that meet a specified trust assurance level. Compliance and auditing mechanisms must demonstrate that critical, personal, or sensitive data has only been processed on platforms that meet trust requirements.

Figure 1 – An example of how the platform trust policy relates to workload placement.

In Figure 1, the security assurance levels of compute resources are defined by the platform trust policy. The cloud compute platform’s security must meet trust policy criteria, and it is logged in the attestation service upon secure boot. The consumer, referencing the platform trust policy, selects the security level required for a trusted workload execution. The cloud platform monitor ensures that the compute platform security level is maintained and the compliance confirms that workloads have been securely processed.

Related Patterns:

• Geotagging
• Trusted Cloud Resource Pools

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.

The architectural model upon which this design pattern is based is further covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit www.arcitura.com/books.