157 research outputs found
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Agent-Based Cloud Resource Management for Secure Cloud Infrastructures
The cloud offers clear benefits for computations as well as for storage for diverse application areas. Security concerns are by far the greatest barriers to the wider uptake of cloud computing, particularly for privacy-sensitive applications. The aim of this article is to propose an approach for establishing trust between users and providers of cloud infrastructures (IaaS model) based on certified trusted agents. Such approach would remove barriers that prevent security sensitive applications being moved to the cloud. The core technology encompasses a secure agent platform for providing the execution environment for agents and the secure attested software base which ensures the integrity of the host platform. In this article we describe the motivation, concept, design and initial implementation of these technologies
An Attestation Architecture for Blockchain Networks
If blockchain networks are to become the building blocks of the
infrastructure for the future digital economy, then several challenges related
to the resiliency and survivability of blockchain networks need to be
addressed. The survivability of a blockchain network is influenced by the
diversity of its nodes. Trustworthy device-level attestations permits nodes in
a blockchain network to provide truthful evidence regarding their current
configuration, operational state, keying material and other system attributes.
In the current work we review the recent developments towards a standard
attestation architecture and evidence conveyance protocols. We explore the
applicability and benefits of a standard attestation architecture to blockchain
networks. Finally, we discuss a number of open challenges related to node
attestations that has arisen due to changing model of blockchain network
deployments, such as the use virtualization and containerization technologies
for nodes in cloud infrastructures.Comment: 33 pages, 10 figure
Execution Environments for Running Legacy Applications in Multi-Party Trust Settings
Applications often assume that the same party owns all of the application’s resources, and that these resources require the same level of privacy. This assumption no longer holds when organizations outsource applications to a third-party cloud, or when the application requires access to not only public content, but private configuration, such as authentication and keying material. The result of this broken assumption is that applications either must be re-written to accommodate each new security posture, or used as-is, accepting that one party exposes private data to another.
In this dissertation, I argue the following thesis: it is possible to run legacy application binaries with confidentiality and integrity guarantees that reflect a multi-party trust setting. I support this thesis through the design, implementation, and evaluation of two distinct application-level virtualization layers that handle trust concerns on behalf of the application: conclaves and SecureMigration. Conclaves assume the availability of Intel SGX secure hardware enclaves and extend prior work in developing runtimes that execute legacy applications within an enclave.
In contrast, SecureMigration does not use secure hardware, but rather composes information flow control with process migration to execute a process across multiple physical machines owned and operated by distinct principals, while shielding each principal’s sensitive portion of the process from its peers
Cloud technology options towards Free Flow of Data
This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them
Trustworthy Knowledge Planes For Federated Distributed Systems
In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks
- …