1,576 research outputs found
Trusted Computing and Secure Virtualization in Cloud Computing
Large-scale deployment and use of cloud computing in industry
is accompanied and in the same time hampered by concerns regarding protection of
data handled by cloud computing providers. One of the consequences of moving
data processing and storage off company premises is that organizations have
less control over their infrastructure. As a result, cloud service (CS) clients
must trust that the CS provider is able to protect their data and
infrastructure from both external and internal attacks. Currently however, such
trust can only rely on organizational processes declared by the CS
provider and can not be remotely verified and validated by an external party.
Enabling the CS client to verify the integrity of the host where the
virtual machine instance will run, as well as to ensure that the virtual
machine image has not been tampered with, are some steps towards building
trust in the CS provider. Having the tools to perform such
verifications prior to the launch of the VM instance allows the CS
clients to decide in runtime whether certain data should be stored- or calculations
should be made on the VM instance offered by the CS provider.
This thesis combines three components -- trusted computing, virtualization technology
and cloud computing platforms -- to address issues of trust and
security in public cloud computing environments. Of the three components,
virtualization technology has had the longest evolution and is a cornerstone
for the realization of cloud computing. Trusted computing is a recent
industry initiative that aims to implement the root of trust in a hardware
component, the trusted platform module. The initiative has been formalized
in a set of specifications and is currently at version 1.2. Cloud computing
platforms pool virtualized computing, storage and network resources in
order to serve a large number of customers customers that use a multi-tenant
multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a
fairly recent technology in active development.
The issue of trust in public cloud environments is addressed
by examining the state of the art within cloud computing security and
subsequently addressing the issues of establishing trust in the launch of a
generic virtual machine in a public cloud environment. As a result, the thesis
proposes a trusted launch protocol that allows CS clients
to verify and ensure the integrity of the VM instance at launch time, as
well as the integrity of the host where the VM instance is launched. The protocol
relies on the use of Trusted Platform Module (TPM) for key generation and data protection.
The TPM also plays an essential part in the integrity attestation of the
VM instance host. Along with a theoretical, platform-agnostic protocol,
the thesis also describes a detailed implementation design of the protocol
using the OpenStack cloud computing platform.
In order the verify the implementability of the proposed protocol, a prototype
implementation has built using a distributed deployment of OpenStack.
While the protocol covers only the trusted launch procedure using generic
virtual machine images, it presents a step aimed to contribute towards
the creation of a secure and trusted public cloud computing environment
Chuchotage: In-line Software Network Protocol Translation for (D)TLS
The growing diversity of connected devices leads to complex network deployments, often made up of endpoints that implement in- compatible network application protocols. Communication between heterogeneous network protocols was traditionally enabled by hardware translators or gateways. However, such solutions are increasingly unfit to address the security, scalability, and latency requirements of modern software-driven deployments. To address these shortcomings we propose Chuchotage, a protocol translation architecture for secure and scalable machine-to-machine communication. Chuchotage enables in-line TLS interception and confidential protocol translation for software-defined networks. Translation is done in ephemeral, flow-specific Trusted Execution Environments and scales with the number of network flows. Our evaluation of Chuchotage implementing an HTTP to CoAP translation indicates a minimal transmission and translation overhead, allowing its integration with legacy or outdated deployments
TREDIS ā A Trusted Full-Fledged SGX-Enabled REDIS Solution
Currently, offloading storage and processing capacity to cloud servers is a growing
trend among web-enabled services managing big datasets. This happens because high
storage capacity and powerful processors are expensive, whilst cloud services provide
cheaper, ongoing, elastic, and reliable solutions. The problem with this cloud-based out sourced solutions are that they are highly accessible through the Internet, which is good,
but therefore can be considerably exposed to attacks, out of usersā control. By exploring
subtle vulnerabilities present in cloud-enabled applications, management functions, op erating systems and hypervisors, an attacker may compromise the supported systems,
thus compromising the privacy of sensitive user data hosted and managed in it. These
attacks can be motivated by malicious purposes such as espionage, blackmail, identity
theft, or harassment. A solution to this problem is processing data without exposing it to
untrusted components, such as vulnerable OS components, which might be compromised
by an attacker.
In this thesis, we do a research on existent technologies capable of enabling appli cations to trusted environments, in order to adopt such approaches to our solution as a
way to help deploy unmodified applications on top of Intel-SGX, with overheads com parable to applications designed to use this kind of technology, and also conducting an
experimental evaluation to better understand how they impact our system. Thus, we
present TREDIS - a Trusted Full-Fledged REDIS Key-Value Store solution, implemented
as a full-fledged solution to be offered as a Trusted Cloud-enabled Platform as a Service,
which includes the possibility to support a secure REDIS-cluster architecture supported
by docker-virtualized services running in SGX-enabled instances, with operations run ning on always-encrypted in-memory datasets.A transiĆ§Ć£o de suporte de aplicaƧƵes com armazenamento e processamento em servidores
cloud Ć© uma tendĆŖncia que tem vindo a aumentar, principalmente quando se precisam
de gerir grandes conjuntos de dados. Comparativamente a soluƧƵes com licenciamento
privado, as soluƧƵes de computaĆ§Ć£o e armazenamento de dados em nuvens de serviƧos
sĆ£o capazes de oferecer opƧƵes mais baratas, de alta disponibilidade, elĆ”sticas e relativa mente confiĆ”veis. Estas soluƧƵes fornecidas por terceiros sĆ£o facilmente acessĆveis atravĆ©s
da Internet, sendo operadas em regime de outsourcing da sua operaĆ§Ć£o, o que Ć© bom, mas
que por isso ficam consideravelmente expostos a ataques e fora do controle dos utiliza dores em relaĆ§Ć£o Ć s reais condiƧƵes de confiabilidade, seguranƧa e privacidade de dados.
Ao explorar subtilmente vulnerabilidades presentes nas aplicaƧƵes, funƧƵes de sistemas
operativos (SOs), bibliotecas de virtualizaĆ§Ć£o de serviƧos de SOs ou hipervisores, um ata cante pode comprometer os sistemas e quebrar a privacidade de dados sensĆveis. Estes
ataques podem ser motivados por fins maliciosos como espionagem, chantagem, roubo
de identidade ou assƩdio e podem ser desencadeados por intrusƵes (a partir de atacantes
externos) ou por aƧƵes maliciosas ou incorretas de atacantes internos (podendo estes atuar
com privilĆ©gios de administradores de sistemas). Uma soluĆ§Ć£o para este problema passa
por armazenar e processar a informaĆ§Ć£o sem que existam exposiƧƵes face a componentes
nĆ£o confiĆ”veis.
Nesta dissertaĆ§Ć£o estudamos e avaliamos experimentalmente diversas tecnologias que
permitem a execuĆ§Ć£o de aplicaƧƵes com isolamento em ambientes de execuĆ§Ć£o confiĆ” vel suportados em hardware Intel-SGX, de modo a perceber melhor como funcionam e
como adaptĆ”-las Ć nossa soluĆ§Ć£o. Para isso, realizĆ”mos uma avaliaĆ§Ć£o focada na utilizaĆ§Ć£o
dessas tecnologias com virtualizaĆ§Ć£o em contentores isolados executando em hardware
confiĆ”vel, que usĆ”mos na concepĆ§Ć£o da nossa soluĆ§Ć£o. Posto isto, apresentamos a nossa
soluĆ§Ć£o TREDIS - um sistema Key-Value Store confiĆ”vel baseado em tecnologia REDIS,
com garantias de integridade da execuĆ§Ć£o e de privacidade de dados, concebida para
ser usada como uma "Plataforma como ServiƧo"para gestĆ£o e armazenamento resiliente
de dados na nuvem. Isto inclui a possibilidade de suportar uma arquitetura segura com
garantias de resiliĆŖncia semelhantes Ć arquitetura de replicaĆ§Ć£o em cluster na soluĆ§Ć£o
original REDIS, mas em que os motores de execuĆ§Ć£o de nĆ³s e a proteĆ§Ć£o de memĆ³ria
do cluster Ć© baseado em contentores docker isolados e virtualizados em instĆ¢ncias SGX, sendo os dados mantidos sempre cifrados em memĆ³ria
Intel TDX Demystified: A Top-Down Approach
Intel Trust Domain Extensions (TDX) is a new architectural extension in the
4th Generation Intel Xeon Scalable Processor that supports confidential
computing. TDX allows the deployment of virtual machines in the
Secure-Arbitration Mode (SEAM) with encrypted CPU state and memory, integrity
protection, and remote attestation. TDX aims to enforce hardware-assisted
isolation for virtual machines and minimize the attack surface exposed to host
platforms, which are considered to be untrustworthy or adversarial in the
confidential computing's new threat model. TDX can be leveraged by regulated
industries or sensitive data holders to outsource their computations and data
with end-to-end protection in public cloud infrastructure.
This paper aims to provide a comprehensive understanding of TDX to potential
adopters, domain experts, and security researchers looking to leverage the
technology for their own purposes. We adopt a top-down approach, starting with
high-level security principles and moving to low-level technical details of
TDX. Our analysis is based on publicly available documentation and source code,
offering insights from security researchers outside of Intel
SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing
Confidential computing allows processing sensitive workloads in securely isolated spaces. Following earlier adop- tion of process-based approaches to isolation, vendors are now enabling hardware and firmware support for virtualization-based confidential computing on several server platforms. Due to variations in the technology stack, threat model, implemen-tation and functionality, the available solutions offer somewhat different capabilities, trade-offs and security guarantees. In this paper we review, compare and contextualize four virtualization-based confidential computing technologies for enterprise server platforms - AMD SEV, ARM CCA, IBM PEF and Intel TDX
Defense in Depth of Resource-Constrained Devices
The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed.Comment: Accepted at ACM CCS 201
Trusted Execution Development: Designing a Secure, High-Performance Remote Attestation Protocol
Intel Software Guard Extensions (SGX) are a Trusted Execution Environment (TEE) technology that allow programs to protect execution process and data from other processes on the platform. We propose a method to combine SGX attestation with Transport Layer Security (TLS). Doing so will combine guarantees about the program, runtime environment, and machine identity into a normal TLS handshake. We implemented a basic server using SGX/TLS and provide performance details and lessons learned during development
- ā¦