Kernel korner: About LinuxBIOS
Linux Journal
MSS '03 Proceedings of the 20 th IEEE/11 th NASA Goddard Conference on Mass Storage Systems and Technologies (MSS'03)
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Are virtual-machine monitors microkernels done right?
ACM SIGOPS Operating Systems Review
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
lmbench: portable tools for performance analysis
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
ACM Computing Surveys (CSUR)
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
MAVMM: Lightweight and Purpose Built VMM for Malware Analysis
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Computer meteorology: monitoring compute clouds
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
The turtles project: design and implementation of nested virtualization
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Recursive virtual machines for advanced security mechanisms
DSNW '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops
Targeted malleability: homomorphic encryption for restricted computations
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Cloud Data Protection for the Masses
Computer
The Xen-Blanket: virtualize once, run everywhere
Proceedings of the 7th ACM european conference on Computer Systems
Improving virtualization security by splitting hypervisor into smaller components
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Proceedings of the 2012 ACM conference on Computer and communications security
Secure cloud maintenance: protecting workloads against insider attacks
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Hi-index | 0.00 |
Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than it is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all user's privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security and performance crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user configured privacy protection. Third, the reduced the TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ~5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.