Securing Data Integrity from Cloud Storage to Blockchains

Cloud computing has commoditized remote services in recent years. Collaborating on shared data using the cloud has become popular for both personal and professional use. Instead of investing in on-premise infrastructure, users can outsource resource-intensive computation and storage to low-cost, scalable cloud-based solutions. Despite the benefits these remote services offer, broad adoption still faces security concerns regarding confidentiality and integrity. This thesis addresses the problem of securing data integrity in untrusted environments. Recent trusted execution technology, such as Intel Software Guard Extensions (SGX), aims to overcome the security challenges and seems to pave the way for secure and trustworthy cloud computing. However, when multiple users interact through a potentially misbehaving remote service, consistency violations through rollback and forking attacks can lead to loss of data integrity even when trusted execution is used. In this thesis we identify a number of different settings where consistency violations must be prevented to ensure data integrity. We address these challenges by designing practical solutions that make it possible to detect a misbehaving remote service. We first focus on securing a commodity cloud storage service where no trusted execution is available and propose a protocol that utilizes the evolution of the storage state to enable the clients to detect integrity and consistency violations. We then introduce trusted execution at the remote service with the intention that this solves the integrity problem; however, a detailed analysis shows that protecting the system against rollback attacks is challenging. We address this limitation by complementing the system with a distributed protocol to detect rollback attacks. We also propose a system that combines trusted execution with blockchain technology to enhance data protection while resolving difficulties related to rollback attacks.
The proposed solutions have been implemented as proofs-of-concept working with real-world systems. Evaluations demonstrate the practicability of these solutions and show that they are direct improvements over previous approaches.