Cloud computing is being used by almost everyone, from regular consumer to IT
specialists, as it is a way to have high availability, geo-replication, and resource elasticity
with pay-as-you-go charging models. Another benefit is the minimal management effort
and maintenance expenses for its users.
However, security is still pointed out as the main reason hindering the full adoption
of cloud services. Consumers lose ownership of their data as soon as it goes to the cloud;
therefore, they have to rely on cloud provider’s security assumptions and Service Level
Agreements regarding privacy and integrity guarantees for their data.
Hardware Security Modules (HSMs) are dedicated cryptographic processors, typically
used in secure cloud applications, that are designed specifically for the protection of
cryptographic keys in all steps of their life cycles. They are physical devices with tamperproof
resistance, but rather expensive. There have been some attempts to virtualize
HSMs. Virtual solutions can reduce its costs but without much success as performance is
incomparable and security guarantees are hard to achieve in software implementations.
In this dissertation, we aim at developing a virtualized HSM supported by modern
attestation-based trusted hardware in commodity CPUs to ensure privacy and reliability,
which are the main requirements of an HSM. High availability will also be achieved
through techniques such as cloud-of-clouds replication on top of those nodes. Therefore
virtual HSMs, on the cloud, backed with trusted hardware, seem increasingly promising
as security, attestation, and high availability will be guaranteed by our solution, and it
would be much cheaper and as reliable as having physical HSMs
