Client-Controlled Cryptography-as-a-Service in the Cloud

  • Sören Bleikertz
  • Sven Bugiel
  • Hugo Ideler
  • Stefan Nürnberger
  • Ahmad-Reza Sadeghi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7954)

Abstract

Today, a serious concern about cloud computing is the protection of clients’ data and computations against various attacks from outsiders as well as against the cloud provider. Moreover, cloud clients are rather limited in implementing, deploying and controlling their own security solutions in the cloud. The provider theoretically has access to stored keys in dormant images, and deploying keys during run-time is infeasible because authenticating running VM instances is not possible.

In this paper, we present a security architecture that allows for establishing secure client-controlled Cryptography-as-a-Service (CaaS) in the cloud. Our CaaS enables clients to be in control of the provisioning and usage of their credentials and cryptographic primitives. They can securely provision keys or even implement their private virtual security module (e.g., vHSM or SmartCard). All clients’ cryptographic operations run in a protected client-specific secure execution domain. This is achieved by modifying the Xen hypervisor and leveraging standard Trusted Computing technology. Moreover, our solution is legacy-compatible: it installs a transparent cryptographic layer for the storage and network I/O of a VM. We reduced the privileged hypercalls necessary for administration by 79%. Our evaluation of the effectiveness and efficiency of our design showed an acceptable performance overhead.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Sören Bleikertz (1)
  • Sven Bugiel (2)
  • Hugo Ideler (2)
  • Stefan Nürnberger (2)
  • Ahmad-Reza Sadeghi (2)

  1. IBM Research - Zurich, Rüschlikon, Switzerland
  2. TU Darmstadt / CASED, Darmstadt, Germany
