Shielding Applications from an Untrusted Cloud with Haven

@article{Baumann2014ShieldingAF,
  title={Shielding Applications from an Untrusted Cloud with Haven},
  author={Andrew Baumann and Marcus Peinado and Galen C. Hunt},
  journal={ACM Transactions on Computer Systems (TOCS)},
  year={2014},
  volume={33},
  pages={1 - 26}
}
Today’s cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider’s staff and its globally distributed software/hardware platform not to expose any of their private data. We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware). Our prototype, Haven, is the first system to achieve shielded execution of…
ISA-Based Trusted Network Functions And Server Applications In The Untrusted Cloud
TLDR
This paper identifies a number of NF and server application use-cases that trusted execution can be applied to, and leverages Intel's Software Guard Extensions (SGX) architecture to design Trusted Execution Environments (TEEs) for cloud-based NFs and server applications.
SeM: A CPU Architecture Extension for Secure Remote Computing
TLDR
The Secure Machine is presented, a CPU architecture extension that addresses both software attacks and off-chip hardware attacks using novel fine-grained cache and register protection managed by a CPU-resident, publicly identifiable hardware Security Management Unit (SMU).
TrApps: Secure Compartments in the Evil Cloud
TLDR
This paper proposes TrApps, a secure platform for general-purpose trusted execution in an untrusted cloud with multiple isolated tenants based on the ARM TrustZone technology, and demonstrates its performance with trusted execution of memcached with an overhead of only 36.9% compared to the vanilla implementation and execution.
Performance of Trusted Computing in Cloud Infrastructures with Intel SGX
TLDR
This paper studies Intel’s Software Guard eXtensions (SGX), and experimentally quantifies how basic usage of this instruction set extension will affect how cloud hosted services must be constructed.
Establishing Trusted I/O Paths for SGX Client Systems With Aurora
TLDR
A novel architecture called Aurora is proposed to provide trusted I/O paths for enclave programs even in the presence of untrusted system software to protect real-world applications including OpenSSH client, OpenSSL server/client and SQLite database.
Secure the Cloud
In response to the revival of virtualized technology by Rosenblum and Garfinkel [2005], NIST defined cloud computing, a new paradigm in service computing infrastructures. In cloud environments, the…
SeRoT: A Secure Runtime System on Trusted Execution Environments
  • Jingbin Liu, Yu Qin, D. Feng
  • Computer Science
  • 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
  • 2020
TLDR
This work proposes SeRoT, a new secure runtime system on trusted execution environments that protects the host interface at two levels, binary interface level and application interface level, and shows the scheme is on average about 10% faster than Keystone on two popular and representative benchmarks.
TRUSTED CODE EXECUTION ON UNTRUSTED PLATFORMS USING INTEL SGX
Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workflows from other malicious privileged or unprivileged software. Intel…
Enabling Usable and Performant Trusted Execution
TLDR
The resilience of trusted execution technologies to speculative execution, micro-architectural attacks, which put cloud infrastructure at risk, is analyzed and a new architectural design for out-of-order processors which defeats all known speculative execution attacks is proposed.
Scaling Databases through Trusted Hardware Proxies
TLDR
This work presents a mechanism to run trusted proxies on clients in order to offload large parts of the workload from a database server, showing that none of the integrity and confidentiality guarantees provided by the database are weakened as a result of this mechanism.

References

SHOWING 1-10 OF 104 REFERENCES
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
TLDR
This paper proposes a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM.
Using ARM trustzone to build a trusted language runtime for mobile applications
TLDR
The Trusted Language Runtime is presented, a system that protects the confidentiality and integrity of .NET mobile applications from OS security breaches and reduces the TCB of an open source .NET implementation by a factor of 78 with a tolerable performance cost.
Credo: Trusted Computing for Guest VMs with a Commodity Hypervisor
TLDR
Experimental results from a prototype implementation based on Hyper-V demonstrate that Credo provides enhanced security guarantees to emancipated VMs at a modest cost, most of which is a one-time startup cost from a VM’s perspective, while adding only a small amount of code to a VM's TCB.
TrustVisor: Efficient TCB Reduction and Attestation
TLDR
TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application that has a very small code base that makes verification feasible.
Virtual ghost: protecting applications from hostile operating systems
TLDR
Virtual Ghost interposes a thin hardware abstraction layer between the kernel and the hardware that provides a set of operations that the kernel must use to manipulate hardware, and provides a few trusted services for secure applications such as ghost memory management, encryption and signing services, and key management.
Scalable architectural support for trusted software
  • D. Champagne, Ruby B. Lee
  • Computer Science
  • HPCA - 16 2010 The Sixteenth International Symposium on High-Performance Computer Architecture
  • 2010
TLDR
Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules.
Splitting interfaces: making trust between applications and operating systems configurable
TLDR
The design and implementation of Proxos is described, a system that allows applications to configure their trust in the OS by partitioning the system call interface into trusted and untrusted components.
SecureME: a hardware-software approach to full system security
TLDR
This work proposes SecureME, a hardware-software mechanism that provides a secure computing environment that protects an application from hardware attacks by using a secure processor substrate, and also from the Operating System through memory cloaking, permission paging, and system call protection.
Implementing an untrusted operating system on trusted hardware
TLDR
This paper discusses the experience with building such a platform using a traditional time-sharing operating system executing on XOM, a processor architecture that provides copy protection and tamper-resistance functions and describes techniques for providing traditional operating systems services in this context.
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems
TLDR
A virtual-machine-based system called Overshadow is introduced that protects the privacy and integrity of application data, even in the event of a total OS compromise, and is used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system.