Recent trends in applying TPM to cloud computing

Trusted platform modules (TPM) have become important safe‐guards against variety of software‐based attacks. By providing a limited set of cryptographic services through a well‐defined interface, separated from the software itself, TPM can serve as a root of trust and as a building block for higher‐level security measures. This article surveys the literature for applications of TPM in the cloud‐computing environment, with publication dates comprised between 2013 and 2018. It identifies the current trends and objectives of this technology in the cloud, and the type of threats that it mitigates. Toward the end, the main research gaps are pinpointed and discussed. Since integrity measurement is one of the main usages of TPM, special attention is paid to the assessment of run time phases and software layers it is applied to.</p

A novel architecture to virtualise a hardware-bound trusted platform module

Security and trust are particularly relevant in modern softwarised infrastructures, such as cloud environments, as applications are deployed on platforms owned by third parties, are publicly accessible on the Internet and can share the hardware with other tenants. Traditionally, operating systems and applications have leveraged hardware tamper-proof chips, such as the Trusted Platform Modules (TPMs) to implement security workflows, such as remote attestation, and to protect sensitive data against software attacks. This approach does not easily translate to the cloud environment, wherein the isolation provided by the hypervisor makes it impractical to leverage the hardware root of trust in the virtual domains. Moreover, the scalability needs of the cloud often collide with the scarce hardware resources and inherent limitations of TPMs. For this reason, existing implementations of virtual TPMs (vTPMs) are based on TPM emulators. Although more flexible and scalable, this approach is less secure. In fact, each vTPM is vulnerable to software attacks both at the virtualised and hypervisor levels. In this work, we propose a novel design for vTPMs that provides a binding to an underlying physical TPM; the new design, akin to a virtualisation extension for TPMs, extends the latest TPM 2.0 specification. We minimise the number of required additions to the TPM data structures and commands so that they do not require a new, non-backwards compatible version of the specification. Moreover, we support migration of vTPMs among TPM-equipped hosts, as this is considered a key feature in a highly virtualised environment. Finally, we propose a flexible approach to vTPM object creation that protects vTPM secrets either in hardware or software, depending on the required level of assurance

Exploring the Integration of Memory Management and Trusted Computing

This thesis addresses vulnerabilities in current Trusted Computing architecture by exploring a design for a better Trusted Platform Module (TPM); one that integrates more closely with the CPU\u27s Memory Management Unit (MMU). We establish that software-based attacks on trusted memory can be carried out undetectably by an adversary on current TCG/TPM implementations. We demonstrate that an attacker with sufficient privileges can compromise the integrity of a TPM-protected system by modifying critical loaded code and static data after measurement has taken place. More specifically, these attacks illustrate the Time Of Check vs. Time of Use (TOCTOU) class of attacks. We propose to enhance the MMU, enabling it to detect when memory containing trusted code or data is being maliciously modified at run-time. On detection, it should be able to notify the TPM of these modifications. We seek to use the concepts of selective memory immutability as a security tool to harden the MMU, which will result in a more robust TCG/TPM implementation. To substantiate our ideas for this proposed hardware feature, we designed and implemented a software prototype system, which employs the monitoring capabilities of the Xen virtual machine monitor. We performed a security evaluation of our prototype and validated that it can detect all our software-based TOCTOU attacks. We applied our prototype to verify the integrity of data associated with an application, as well as suggested and implemented ways to prevent unauthorized use of data by associating it with its owner process. Our performance evaluation reveals minimal overhead

Trust based Privacy Policy Enforcement in Cloud Computing

Cloud computing offers opportunities for organizations to reduce IT costs by using the computation and storage of a remote provider. Despite the benefits offered by cloud computing paradigm, organizations are still wary of delegating their computation and storage to a cloud service provider due to trust concerns. The trust issues with the cloud can be addressed by a combination of regulatory frameworks and supporting technologies. Privacy Enhancing Technologies (PET) and remote attestation provide the technologies for addressing the trust concerns. PET provides proactive measures through cryptography and selective dissemination of data to the client. Remote attestation mechanisms provides reactive measures by enabling the client to remotely verify if a provider is compromised. The contributions of this work are three fold. This thesis explores the PET landscape by studying in detail the implications of using PET in cloud architectures. The practicality of remote attestation in Software as a Service (SaaS) and Infrastructure as a Service (IaaS) scenarios is also analyzed and improvements have been proposed to the state of the art. This thesis also propose a fresh look at trust relationships in cloud computing, where a single provider changes its configuration for each client based on the subjective and dynamic trust assessments of clients. We conclude by proposing a plan for expanding on the completed work

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

Insider threat : memory confidentiality and integrity in the cloud

PhD ThesisThe advantages of always available services, such as remote device backup or data storage, have helped the widespread adoption of cloud computing. However, cloud computing services challenge the traditional boundary between trusted inside and untrusted outside. A consumer’s data and applications are no longer in premises, fundamentally changing the scope of an insider threat. This thesis looks at the security risks associated with an insider threat. Specifically, we look into the critical challenge of assuring data confidentiality and integrity for the execution of arbitrary software in a consumer’s virtual machine. The problem arises from having multiple virtual machines sharing hardware resources in the same physical host, while an administrator is granted elevated privileges over such host. We used an empirical approach to collect evidence of the existence of this security problem and implemented a prototype of a novel prevention mechanism for such a problem. Finally, we propose a trustworthy cloud architecture which uses the security properties our prevention mechanism guarantees as a building block. To collect the evidence required to demonstrate how an insider threat can become a security problem to a cloud computing infrastructure, we performed a set of attacks targeting the three most commonly used virtualization software solutions. These attacks attempt to compromise data confidentiality and integrity of cloud consumers’ data. The prototype to evaluate our novel prevention mechanism was implemented in the Xen hypervisor and tested against known attacks. The prototype we implemented focuses on applying restrictions to the permissive memory access model currently in use in the most relevant virtualization software solutions. We envision the use of a mandatory memory access control model in the virtualization software. This model enforces the principle of least privilege to memory access, which means cloud administrators are assigned with only enough privileges to successfully perform their administrative tasks. Although the changes we suggest to the virtualization layer make it more restrictive, our solution is versatile enough to port all the functionality available in current virtualization viii solutions. Therefore, our trustworthy cloud architecture guarantees data confidentiality and integrity and achieves a more transparent trustworthy cloud ecosystem while preserving functionality. Our results show that a malicious insider can compromise security sensitive data in the three most important commercial virtualization software solutions. These virtualization solutions are publicly available and the number of cloud servers using these solutions accounts for the majority of the virtualization market. The prevention mechanism prototype we designed and implemented guarantees data confidentiality and integrity against such attacks and reduces the trusted computing base of the virtualization layer. These results indicate how current virtualization solutions need to reconsider their view on insider threats

Securing unikernels in cloud infrastructures

PhD ThesisCloud computing adoption has seen an increase during the last few years. However, cloud tenants are still concerned about the security that the Cloud Service Provider (CSP) offers. Recent security incidents in cloud infrastructures that exploit vulnerabilities in the software layer highlight the need to develop new protection mechanisms. A recent direction in cloud computing is toward massive consolidation of resources by using lightweight Virtual Machines (VMs) called unikernels. Unikernels are specialised VMs that eliminate the Operating System (OS) layer and include the advantages of small footprint, minimal attack surface, nearinstant boot times and multi-platform deployment. Even though using unikernels has certain advantages, unikernels employ a number of shortcomings. First, unikernels do not employ context switching from user to kernel mode. A malicious user could exploit this shortcoming to escape the isolation boundaries that the hypervisor provides. Second, having a large number of unikernels in a single virtualised host creates complex security policies that are difficult to manage and can introduce exploitable misconfigurations. Third, malicious insiders, such as disgruntled system administrators can use privileged software to exfiltrate data from unikernels. In this thesis, we divide our research into two parts, concerning the development of software and hardware-based protection mechanisms for cloud infrastructures that focus on unikernels. In each part, we propose a new protection mechanism for cloud infrastructures, where tenants develop their workloads using unikernels. In the first part, we propose a software-based protection mechanism that controls access to resources, which results on creating least-privileged unikernels. Current access-control mechanisms that reside in hypervisors do not confine unikernels to accepted behaviour and are susceptible to privilege escalation and Virtual Machine escapes attacks. Therefore, current hypervisors need to take into account the possibility of having one or more malicious unikernels and rethink their access-control mechanisms. We designed and implemented VirtusCap, a capability-based access control mechanism that acts as a lower layer of regulating access to resources in cloud infrastructures. Consequently, unikernels are only assigned the privileges required to perform their task. This ensures that the accesscontrol mechanism that resides in the hypervisor will only grant access to resources specified with capabilities. In addition, capabilities are easier to delegate to other unikernels when they need to and the security policies are less complex. Our performance evaluation shows that up to request rate of 7000 (req/sec) our prototype’s response time is identical to XSM-Flask. In the second part, we address the following problem: how to guarantee the confidentiality and integrity of computations executing in a unikernel even in the presence of privileged software used by malicious insiders? A research prototype was designed and implemented called UniGuard, which aims to protect unikernels from an untrusted cloud, by executing the sensitive computations inside secure enclaves. This approach provides confidentiality and integrity guarantees for unikernels against software and certain physical attacks. We show how we integrated Intel SGX with unikernels and added the ability to spawn enclaves that execute the sensitive computations. We conduct experiments to evaluate the performance of UniGuard, which show that UniGuard exhibits acceptable performance overhead in comparison to when the sensitive computations are not executed inside a enclave. To the best of our knowledge, UniGuard is the first solution that protects the confidentiality and integrity of computations that execute inside unikernels using Intel SGX. Currently, unikernels drive the next generation of virtualisation software and especially the cooperation with other virtualisation technologies, such as containers to form hybrid virtualisation workloads. Thus, it is paramount to scrutinise the security of unikernels in cloud infrastructures and propose novel protection mechanisms that will drive the next cloud evolution

Systems Support for Trusted Execution Environments

Cloud computing has become a default choice for data processing by both large corporations and individuals due to its economy of scale and ease of system management. However, the question of trust and trustoworthy computing inside the Cloud environments has been long neglected in practice and further exacerbated by the proliferation of AI and its use for processing of sensitive user data. Attempts to implement the mechanisms for trustworthy computing in the cloud have previously remained theoretical due to lack of hardware primitives in the commodity CPUs, while a combination of Secure Boot, TPMs, and virtualization has seen only limited adoption. The situation has changed in 2016, when Intel introduced the Software Guard Extensions (SGX) and its enclaves to the x86 ISA CPUs: for the first time, it became possible to build trustworthy applications relying on a commonly available technology. However, Intel SGX posed challenges to the practitioners who discovered the limitations of this technology, from the limited support of legacy applications and integration of SGX enclaves into the existing system, to the performance bottlenecks on communication, startup, and memory utilization. In this thesis, our goal is enable trustworthy computing in the cloud by relying on the imperfect SGX promitives. To this end, we develop and evaluate solutions to issues stemming from limited systems support of Intel SGX: we investigate the mechanisms for runtime support of POSIX applications with SCONE, an efficient SGX runtime library developed with performance limitations of SGX in mind. We further develop this topic with FFQ, which is a concurrent queue for SCONE's asynchronous system call interface. ShieldBox is our study of interplay of kernel bypass and trusted execution technologies for NFV, which also tackles the problem of low-latency clocks inside enclave. The two last systems, Clemmys and T-Lease are built on a more recent SGXv2 ISA extension. In Clemmys, SGXv2 allows us to significantly reduce the startup time of SGX-enabled functions inside a Function-as-a-Service platform. Finally, in T-Lease we solve the problem of trusted time by introducing a trusted lease primitive for distributed systems. We perform evaluation of all of these systems and prove that they can be practically utilized in existing systems with minimal overhead, and can be combined with both legacy systems and other SGX-based solutions. In the course of the thesis, we enable trusted computing for individual applications, high-performance network functions, and distributed computing framework, making a <vision of trusted cloud computing a reality