Mustapha Hedabou^1,2, Ali Azougaghe³, Ahmed Bentajer⁴, ¹University Mohammed VI Polytechnic, Morocco, ²University Cadi Ayyad, Morocco, ³ENSIAS Mohammed V University in Rabat, Morocco and ⁴ENSA School of Tetouan Abdelmalek Essaadi University, Morocco

On the past decade, Trusted Platform Modules (TPM) have become a valuable tool for providing a high level of trust on locally executing software. Indeed, in addition to its availability on most commodity computers, TPM are totally free of cost unlike other available Hardware-Based devices while they offer the same level of security. Enhancing trust in SaaS services regarding the security and the privacy of the hosted SaaS application services can turn out to be a pertinent application scope of TMP. In this paper we present a design for a trusted SaaS model that gives cloud users more confidence into SaaS services by leveraging TPM functionalities combined with a trusted source code certifying authority facility. In our design, the cloud computing provider hosting the SaaS services acts as a root of trust by providing final cloud users insurance on the integrity of the SaaS application service running on its platform. A new mechanism of multisignature is developed for computing a join signature of SaaS service software by the trusted authority and TPM. A prototype implementation of the proposed design shows that the integrity of SaaS application service before and after it was launched on a cloud provider platform is guaranteed at low cost.

Cloud computing, SaaS services, TPM, trust, Code source certification, Mutlisignature schemes.