9,558 research outputs found
S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX
Function-as-a-Service (FaaS) is a recent and already very popular paradigm in
cloud computing. The function provider need only specify the function to be
run, usually in a high-level language like JavaScript, and the service provider
orchestrates all the necessary infrastructure and software stacks. The function
provider is only billed for the actual computational resources used by the
function invocation. Compared to previous cloud paradigms, FaaS requires
significantly more fine-grained resource measurement mechanisms, e.g. to
measure compute time and memory usage of a single function invocation with
sub-second accuracy. Thanks to the short duration and stateless nature of
functions, and the availability of multiple open-source frameworks, FaaS
enables non-traditional service providers e.g. individuals or data centers with
spare capacity. However, this exacerbates the challenge of ensuring that
resource consumption is measured accurately and reported reliably. It also
raises the issues of ensuring computation is done correctly and minimizing the
amount of information leaked to service providers.
To address these challenges, we introduce S-FaaS, the first architecture and
implementation of FaaS to provide strong security and accountability guarantees
backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our
design introduces a new key distribution enclave and a novel transitive
attestation protocol. A core contribution of S-FaaS is our set of resource
measurement mechanisms that securely measure compute time inside an enclave,
and actual memory allocations. We have integrated S-FaaS into the popular
OpenWhisk FaaS framework. We evaluate the security of our architecture, the
accuracy of our resource measurement mechanisms, and the performance of our
implementation, showing that our resource measurement mechanisms add less than
6.3% latency on standardized benchmarks
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
SafeWeb: A Middleware for Securing Ruby-Based Web Applications
Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits.
Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)
Ozone: Efficient Execution with Zero Timing Leakage for Modern Microarchitectures
Time variation during program execution can leak sensitive information. Time
variations due to program control flow and hardware resource contention have
been used to steal encryption keys in cipher implementations such as AES and
RSA. A number of approaches to mitigate timing-based side-channel attacks have
been proposed including cache partitioning, control-flow obfuscation and
injecting timing noise into the outputs of code. While these techniques make
timing-based side-channel attacks more difficult, they do not eliminate the
risks. Prior techniques are either too specific or too expensive, and all leave
remnants of the original timing side channel for later attackers to attempt to
exploit.
In this work, we show that the state-of-the-art techniques in timing
side-channel protection, which limit timing leakage but do not eliminate it,
still have significant vulnerabilities to timing-based side-channel attacks. To
provide a means for total protection from timing-based side-channel attacks, we
develop Ozone, the first zero timing leakage execution resource for a modern
microarchitecture. Code in Ozone execute under a special hardware thread that
gains exclusive access to a single core's resources for a fixed (and limited)
number of cycles during which it cannot be interrupted. Memory access under
Ozone thread execution is limited to a fixed size uncached scratchpad memory,
and all Ozone threads begin execution with a known fixed microarchitectural
state. We evaluate Ozone using a number of security sensitive kernels that have
previously been targets of timing side-channel attacks, and show that Ozone
eliminates timing leakage with minimal performance overhead
- …