Sealed Computation: Abstract Requirements for Mechanisms to Support Trustworthy Cloud Computing

  • Lamya Abdullah (corresponding author)
  • Felix Freiling
  • Juan Quintero
  • Zinaida Benenson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11387)


In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement is usually that the confidentiality and integrity of the data processing be protected. In the common cloud computing scenarios of today, this can only be achieved by assuming that the remote party does not act maliciously in any form. In this paper, we propose an approach that avoids having to trust a single entity. Our approach is based on two concepts: (1) the technical abstraction of sealed computation, i.e., a technical mechanism that confines the processing of data within a tamper-proof hardware container, and (2) the additional role of an auditing party that cannot itself add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected. We discuss the abstract technical and procedural requirements of these concepts and explain how they can be applied in practice.
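The abstract names two concepts, a tamper-proof container that runs the computation and an auditor that can verify but not alter it, without fixing any concrete mechanism; the paper itself states requirements, not a design. The following is an added example, not code from the paper or its authors, that models the split of roles in software so the separation can be seen working: a container executes a program and returns the result together with a signed "quote" (the measurement of the program source, hashes of input and output, and a caller-supplied nonce) using secret keys only the container holds, while the auditor holds nothing but the public keys and the published measurement, so it can reject a wrong program, an altered output or a replayed quote but cannot produce a quote of its own. Lamport one-time signatures over SHA-256 stand in for the asymmetric attestation key real hardware would carry (hence the small key pool and the per-key reuse check); the class names, the sample program and the integer readings are constructed for this illustration and correspond to nothing in the paper.

```python
"""Toy model of sealed computation plus a verifying (not controlling) auditor; added illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Tuple

def H(*parts: bytes) -> bytes:
    # SHA-256 over length-prefixed parts so (a, b) and (ab, b"") never collide
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()

# Lamport OTS: sk = 256 random pairs, pk = their hashes, signing reveals one secret per bit
def lamport_keygen() -> Tuple[list, list]:
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes) -> List[int]:
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def lamport_sign(sk: list, msg: bytes) -> List[bytes]:
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk: list, msg: bytes, sig: List[bytes]) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b]) for i, (s, b) in enumerate(zip(sig, _bits(msg))))

@dataclass
class Quote:
    measurement: bytes      # hash of the program source the container executed
    key_index: int          # which one-time attestation key signed this quote
    nonce: bytes            # auditor-supplied freshness value
    input_hash: bytes
    output_hash: bytes
    signature: List[bytes]

    def message(self) -> bytes:
        return H(self.measurement, self.key_index.to_bytes(4, "big"),
                 self.nonce, self.input_hash, self.output_hash)

class SealedContainer:
    """Stands in for the tamper-proof hardware: secret keys never leave it."""
    def __init__(self, program_source: str, n_keys: int = 8):
        # minimal builtins only; real isolation is the hardware's job and is not modelled
        exec(program_source, {"__builtins__": {"int": int, "sum": sum, "len": len, "str": str}}, ns := {})
        self._compute = ns["compute"]
        self._keys, self._used = [lamport_keygen() for _ in range(n_keys)], 0
        self.measurement = H(program_source.encode())   # published to the auditor
        self.public_keys = [pk for _, pk in self._keys]   # published to the auditor

    def run(self, data: bytes, nonce: bytes) -> Tuple[bytes, Quote]:
        if self._used >= len(self._keys):
            raise RuntimeError("one-time attestation keys exhausted")
        result = self._compute(data)
        idx, self._used = self._used, self._used + 1
        q = Quote(self.measurement, idx, nonce, H(data), H(result), [])
        q.signature = lamport_sign(self._keys[idx][0], q.message())
        return result, q

class Auditor:
    """Holds public keys and the expected measurement only: can check, cannot sign."""
    def __init__(self, public_keys: list, expected_measurement: bytes):
        self._pks, self._expected, self._seen = public_keys, expected_measurement, set()

    def check(self, data: bytes, result: bytes, nonce: bytes, q: Quote) -> bool:
        if q.measurement != self._expected:                  # a different program ran
            return False
        if q.nonce != nonce or q.input_hash != H(data) or q.output_hash != H(result):
            return False                                     # stale quote or altered I/O
        if not 0 <= q.key_index < len(self._pks) or q.key_index in self._seen:
            return False                                     # unknown or reused one-time key
        if not lamport_verify(self._pks[q.key_index], q.message(), q.signature):
            return False
        self._seen.add(q.key_index)
        return True

# Constructed sample program: mean of newline-separated integer readings
PROGRAM = '''
def compute(data):
    values = [int(x) for x in data.split(b"\\n") if x]
    return str(sum(values) // len(values)).encode()
'''

def demo() -> dict:
    container = SealedContainer(PROGRAM)
    auditor = Auditor(container.public_keys, H(PROGRAM.encode()))  # out-of-band provisioning
    data, nonce = b"50\n70\n90\n", os.urandom(16)
    result, quote = container.run(data, nonce)
    tampered = auditor.check(data, b"120", nonce, quote)   # operator edits the output
    ok = auditor.check(data, result, nonce, quote)
    replay = auditor.check(data, result, nonce, quote)     # same quote presented again
    rogue = SealedContainer(PROGRAM.replace("//", "*"))    # modified program, other measurement
    r2, q2 = rogue.run(data, nonce)
    rogue_ok = Auditor(rogue.public_keys, H(PROGRAM.encode())).check(data, r2, nonce, q2)
    return {"result": result, "ok": ok, "tampered": tampered, "replay": replay, "rogue": rogue_ok}
```

What the model leaves out is exactly what the paper's requirements are about: how the measurement and public keys reach the auditor trustworthily, how the container keeps the data confidential from the cloud operator while it is processed, and the procedural side of who may provision programs into the container. The code only shows that once those are in place, verification and control can sit with different parties.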


Keywords: Security requirements, Trusted computing, Trustworthy computing, Cloud computing, Cloud service, Auditor



The authors would like to thank Nico Döttling, Johannes Götzfried, Tilo Müller and Hubert Jäger for hints and useful comments on earlier versions of this paper. This research is conducted under and supported by the “Privacy&Us” Innovative Training Network (EU H2020 MSCA ITN, grant agreement No. 675730).



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Lamya Abdullah (1, 2), corresponding author
  • Felix Freiling (1)
  • Juan Quintero (1, 2)
  • Zinaida Benenson (1)
  1. Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), Erlangen, Germany
  2. Uniscon GmbH, Munich, Germany
