Proof of separability: A verification technique for a class of a security kernels
Proceedings of the 5th Colloquium on International Symposium on Programming
Proceedings of the workshop on virtual computer systems
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Offline untrusted storage with immediate detection of forking and replay attacks
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Property-Based TPM Virtualization
ISC '08 Proceedings of the 11th international conference on Information Security
FairplayMP: a system for secure multi-party computation
Proceedings of the 15th ACM conference on Computer and communications security
Sharemind: A Framework for Fast Privacy-Preserving Computations
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
A scalable and secure cryptographic service
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Towards trusted cloud computing
HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing
Seeding clouds with trust anchors
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
To cloud or not to cloud?: musings on costs and viability
Proceedings of the 2nd ACM Symposium on Cloud Computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
AmazonIA: when elasticity snaps back
Proceedings of the 18th ACM conference on Computer and communications security
Lucy in the sky without diamonds: Stealing confidential data in the cloud
DSNW '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops
Enabling secure VM-vTPM migration in private clouds
Proceedings of the 27th Annual Computer Security Applications Conference
The Xen-Blanket: virtualize once, run everywhere
Proceedings of the 7th ACM european conference on Computer Systems
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
On the security of public key protocols
IEEE Transactions on Information Theory
Policy-sealed data: a new abstraction for building trusted cloud services
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Proceedings of the 2012 ACM conference on Computer and communications security
Enabling fairer digital rights management with trusted computing
ISC'07 Proceedings of the 10th international conference on Information Security
The TClouds platform: concept, architecture and instantiations
Proceedings of the 2nd International Workshop on Dependability Issues in Cloud Computing
Hi-index | 0.00 |
Today, a serious concern about cloud computing is the protection of clients' data and computations against various attacks from outsiders as well as against the cloud provider. Moreover, cloud clients are rather limited in implementing, deploying and controlling their own security solutions in the cloud. The provider theoretically has access to stored keys in dormant images and deploying keys during run-time is infeasible because authenticating running VM instances is not possible. In this paper, we present a security architecture that allows for establishing secure client-controlled Cryptography-as-a-Service (CaaS) in the cloud: Our CaaS enables clients to be in control of the provisioning and usage of their credentials and cryptographic primitives. They can securely provision keys or even implement their private virtual security module (e.g., vHSM or SmartCard). All clients' cryptographic operations run in a protected client-specific secure execution domain. This is achieved by modifying the Xen hypervisor and leveraging standard Trusted Computing technology. Moreover, our solution is legacy-compatible by installing a transparent cryptographic layer for the storage and network I/O of a VM. We reduced the privileged hypercalls necessary for administration by 79%. We evaluated the effectiveness and efficiency of our design which resulted in an acceptable performance overhead.