An Architecture for Security Health Monitoring and Attestation in Cloud Computing

Web Published: 4/7/2016

Description:

Princeton Docket # 15-3171-1

Researchers at Princeton University, Department of Electrical Engineering, have developed a distributed architecture to monitor and attest the security health of cloud customers' virtual machines (VMs) in a cloud computing system.

Cloud providers want to monitor VMs in order to provide a secure and efficient computing environment for their customers, but today's clouds offer few security health monitoring mechanisms. In addition, current attestation mechanisms are neither powerful nor efficient: existing attestation techniques focus only on the integrity of a platform's software stack.

This invention is a distributed architecture called CloudMonatt. It provides monitoring services and attestation of different security properties, based on the customer's demand. It also lets customers monitor a VM at different stages of the VM's lifecycle, either one time or periodically. The CloudMonatt framework can also provide mitigations for vulnerabilities in the system. It has the potential to be deployed in commercial cloud computing centers, both public clouds and private clouds. More importantly, CloudMonatt is easy to deploy and requires minimal hardware addition, since it leverages commercial cloud computing software (OpenStack) and hardware (TPM, monitoring tools, etc.).

Applications

• Cloud computing centers

  1. Detects and monitors the security health of VMs
  2. Produces unforgeable attestation reports
  3. Protects VMs from security breaches

Advantages

• Security monitoring
• Attestation of security properties based on customers' demand
• Minimal or no hardware addition to the current system

The Faculty Inventor

Ruby B. Lee is the Forrest G. Hamrick Professor in Engineering and Professor of Electrical Engineering at Princeton University, with an affiliated appointment in the Computer Science Department. She is the director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS). Professor Lee is an expert in hardware-enhanced security and has designed architectures for secure processors, secure caches that do not leak information through side-channel attacks, and secure servers for cloud computing. Her research lies at the intersection of computer architecture and cyber security. She is a Fellow of the Association for Computing Machinery (ACM) and a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). She holds over 120 U.S. and international patents.

Publications

Tianwei Zhang and Ruby B. Lee, "CloudMonatt: An Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing", IEEE/ACM Annual International Symposium on Computer Architecture (ISCA), June 16, 2015.

Pramod Jamkhedkar, Jakub Szefer, Diego Perez-Botero, Tianwei Zhang, Gina Triolo and Ruby B. Lee, "A Framework for Realizing Security on Demand in Cloud Computing", Proceedings of the IEEE International Conference on Cloud Computing Technology and Science (CloudCom), December 2013.

Intellectual Property & Development status

Patent protection is pending.

Princeton is currently seeking commercial partners for the further development and commercialization of this opportunity.

Contact:

Anthony Williams, Princeton University Office of Technology Licensing • (609) 258-3769 • anthonyw@princeton.edu

Xin (Shane) Peng, Princeton University Office of Technology Licensing • (609) 258-5579 • xinp@princeton.edu

Patent Information:

For Information, Contact: Tony Williams, Associate Director, Princeton University, 609-259-3769, anthonyw@Princeton.edu

Inventors: Ruby Lee, Tianwei Zhang

Keywords: computers/software, cyber security, data security