Abstract
Today, a serious concern about cloud computing is the protection of clients’ data and computations against various attacks from outsiders as well as against the cloud provider. Moreover, cloud clients are rather limited in implementing, deploying and controlling their own security solutions in the cloud. The provider theoretically has access to stored keys in dormant images and deploying keys during run-time is infeasible because authenticating running VM instances is not possible.
In this paper, we present a security architecture that allows for establishing secure client-controlled Cryptography-as-a-Service (CaaS) in the cloud: Our CaaS enables clients to be in control of the provisioning and usage of their credentials and cryptographic primitives. They can securely provision keys or even implement their private virtual security module (e.g., vHSM or SmartCard). All clients’ cryptographic operations run in a protected client-specific secure execution domain. This is achieved by modifying the Xen hypervisor and leveraging standard Trusted Computing technology. Moreover, our solution is legacy-compatible by installing a transparent cryptographic layer for the storage and network I/O of a VM. We reduced the privileged hypercalls necessary for administration by 79%. We evaluated the effectiveness and efficiency of our design which resulted in an acceptable performance overhead.
Chapter PDF
References
AlertLogic. An empirical analysis of real world threats: State of cloud security report (2012), http://www.alertlogic.com/resources/state-of-cloud-security-report/
Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors – a survey. Proceedings of the IEEE 94(2), 357–369 (2006)
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. In: 19th ACM Symposium on Operating Systems Principles (SOSP 2003). ACM (2003)
Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: 15th ACM Conference on Computer and Communications Security (CCS 2008). ACM (2008)
Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vtpm: virtualizing the trusted platform module. In: 15th Conference on USENIX Security Symposium. USENIX (2006)
Berson, T., Dean, D., Franklin, M., Smetters, D., Spreitzer, M.: Cryptography as a Network Service. In: Network and Distributed Systems Security Symposium, NDSS 2001 (2001)
Bogdanov, D., Laur, S., Willemson, J.: Sharemind: A framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008)
Bugiel, S., Nürnberger, S., Pöppelmann, T., Sadeghi, A.-R., Schneider, T.: AmazonIA: When Elasticity Snaps Back. In: 18th ACM Conference on Computer and Communications Security (CCS 2011). ACM (October 2011)
Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy, V.: Self-service cloud computing. In: 19th ACM Conference on Computer and Communications Security (CCS 2012). ACM (October 2012)
Catuogno, L., et al.: Trusted Virtual Domains – Design, Implementation and Lessons Learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010)
Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.: Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. ACM SIGOPS (2008)
Chen, Y., Sion, R.: To cloud or not to cloud?: musings on costs and viability. In: 2nd ACM Symposium on Cloud Computing (SOCC 2011). ACM (2011)
CVE-2007-4993. Bug in pygrub allows guests to execute commands in dom0
CVE-2008-1943. Buffer overflow in xensource allows to execute arbitrary code
Danev, B., Masti, R.J., Karame, G.O., Capkun, S.: Enabling secure VM-vTPM migration in private clouds. In: 27th Annual Computer Security Applications Conference (ACSAC 2011). ACM (2011)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Dyer, J.G., Lindemann, M., Perez, R., Sailer, R., van Doorn, L., Smith, S.W., Weingart, S.: Building the IBM 4758 secure coprocessor. IEEE Computer (2001)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: 19th ACM Symposium on Operating Systems Principles (SOSP 2003). ACM (2003)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: 41st Annual ACM Symposium on Theory of Computing. ACM (2009)
Kelem, N., Feiertag, R.: A separation model for virtual machine monitors. In: IEEE Computer Society Symposium on Research in Security and Privacy, pp. 78–86 (May 1991)
Madnick, S.E., Donovan, J.J.: Application and analysis of the virtual machine approach to information system security and isolation. In: Workshop on Virtual Computer Systems. ACM (1973)
McCune, J., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: IEEE Symposium on Security and Privacy (SP 2010). IEEE (2010)
McCune, J., Parno, B., Perrig, A., Reiter, M., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: 3rd European Conference on Computer Systems (EuroSys 2008). ACM (2008)
Murray, D.G., Milos, G., Hand, S.: Improving xen security through disaggregation. In: 4th Int. Conference on Virtual Execution Environments (VEE 2008). ACM (2008)
Rocha, F., Correia, M.: Lucy in the sky without diamonds: Stealing confidential data in the cloud. In: 41st International Conference on Dependable Systems and Networks Workshops (DSNW 2011). IEEE (2011)
Rushby, J.M.: Proof of separability: A verification technique for a class of a security kernels. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol. 137, pp. 352–367. Springer, Heidelberg (1982)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Workshop on New Security Paradigms (NSPW 2004). ACM (2004)
Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)
Sadeghi, A.-R., Wolf, M., Stüble, C., Asokan, N., Ekberg, J.-E.: Enabling fairer digital rights management with trusted computing. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 53–70. Springer, Heidelberg (2007)
Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a mac-based security architecture for the xen open-source hypervisor. In: 21st Annual Computer Security Applications Conference (ACSAC 2005). IEEE (2005)
Santos, N., Gummadi, K., Rodrigues, R.: Towards trusted cloud computing. In: Hot topics in cloud computing (HotCloud 2009). USENIX (2009)
Santos, N., Rodrigues, R., Gummadi, K.P., Saroiu, S.: Policy-sealed data: A new abstraction for building trusted cloud services. In: 21st USENIX Security Symposium. USENIX (2012)
Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., McDaniel, P.: Seeding clouds with trust anchors. In: ACM Workshop on Cloud Computing Security (CCSW 2010). ACM (2010)
Thibault, S.: Stub domains: A step towards dom0 disaggregation (2010), http://www.xen.org/files/xensummitboston08/SamThibault_XenSummit.pdf
Trusted Computing Group (TCG). TCG specification architecture overview, revision 1.4 (2007)
Trusted Computing Group (TCG). Trusted platform module specifications (2008)
van Dijk, M., Rhodes, J., Sarmenta, L.F.G., Devadas, S.: Offline untrusted storage with immediate detection of forking and replay attacks. In: 2007 ACM workshop on Scalable trusted computing (STC 2007). ACM (2007)
Wang, Z., Jiang, X.: Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In: 2010 IEEE Symposium on Security and Privacy (SP 2010). IEEE (2010)
Williams, D., Jamjoom, H., Weatherspoon, H.: The xen-blanket: virtualize once, run everywhere. In: 7th ACM European Conference on Computer Systems (EuroSys 2012). ACM (2012)
Xu, S., Sandhu, R.: A scalable and secure cryptographic service. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 144–160. Springer, Heidelberg (2007)
Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: 23rd ACM Symposium on Operating Systems Principles (SOSP 2011). ACM (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bleikertz, S., Bugiel, S., Ideler, H., Nürnberger, S., Sadeghi, AR. (2013). Client-Controlled Cryptography-as-a-Service in the Cloud. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38980-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-38980-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38979-5
Online ISBN: 978-3-642-38980-1
eBook Packages: Computer ScienceComputer Science (R0)