A Secure Cloud with Minimal Provider Trust

Bolted is a new architecture for a bare metal cloud whose goal is to give security-sensitive cloud customers the same level of security and control they can obtain in their own private data centers. It lets tenants elastically allocate secure resources within a cloud while remaining protected from the cloud's other tenants, past, present, and future. Provisioning a new server to a tenant first isolates that bare metal server; it is allowed to communicate with the tenant's other servers only once its critical firmware and software have been attested to the tenant. Tenants, rather than the provider, control the trade-offs between security, price, and performance. A prototype demonstrates scalable end-to-end security with small overhead compared to a less secure alternative.
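The attest-before-admit step described above, as an added example rather than Bolted's own code: a tenant-side verifier that keeps a newly provisioned server isolated until its measured-boot quote checks out against the tenant's policy. The TPM is simulated here (SHA-256 PCR extend, an HMAC standing in for the attestation-key signature); the component names, digests, nonce, key and allowlist are all constructed for the illustration, and the bootkit case shows a server that is refused admission.

```python
"""Tenant-side attestation gate (added example, not Bolted's code).

A freshly provisioned server is admitted to the tenant's network only if
(1) the quote is fresh and its signature verifies, (2) the event log
reproduces the quoted PCR values, and (3) every measured component is on
the tenant's allowlist and nothing required is missing. Everything below
(keys, digests, names) is constructed; the HMAC stands in for the TPM AK.
"""
import hashlib
import hmac
from dataclasses import dataclass

PCR_INIT = bytes(32)  # SHA-256 bank PCRs start at all-zero


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(events):
    """Recompute PCR values from an event log of (pcr_index, name, digest)."""
    pcrs = {}
    for idx, _name, digest in events:
        pcrs[idx] = pcr_extend(pcrs.get(idx, PCR_INIT), digest)
    return pcrs


def sign_quote(ak_key: bytes, pcrs: dict, nonce: bytes) -> bytes:
    """Stand-in for the attestation-key signature over nonce || PCRs."""
    msg = nonce + b"".join(i.to_bytes(1, "big") + pcrs[i] for i in sorted(pcrs))
    return hmac.new(ak_key, msg, hashlib.sha256).digest()


@dataclass
class Quote:
    nonce: bytes
    pcrs: dict
    signature: bytes


@dataclass
class TenantPolicy:
    allowed: dict        # component name -> set of trusted digests
    required: frozenset  # components that must appear in the log


def attest(quote, events, policy, ak_key, nonce):
    """Return (admitted, reason). Any failure leaves the server isolated."""
    if quote.nonce != nonce:
        return False, "stale quote (nonce mismatch)"
    if not hmac.compare_digest(sign_quote(ak_key, quote.pcrs, nonce), quote.signature):
        return False, "quote signature invalid"
    if replay_log(events) != quote.pcrs:
        return False, "event log does not reproduce quoted PCRs"
    seen = set()
    for _idx, name, digest in events:
        if name not in policy.allowed:
            return False, f"unexpected component measured: {name}"
        if digest not in policy.allowed[name]:
            return False, f"{name} measurement not on tenant allowlist"
        seen.add(name)
    missing = policy.required - seen
    if missing:
        return False, f"required components not measured: {sorted(missing)}"
    return True, "attested; admit to tenant network"


def d(label: str) -> bytes:
    """Constructed digest for a named component version (sample data)."""
    return hashlib.sha256(label.encode()).digest()


# Constructed event logs: a clean boot and one with a modified BIOS image.
GOOD_LOG = [
    (0, "bios", d("bios-v2.1")),
    (0, "bmc_firmware", d("bmc-v1.4")),
    (4, "bootloader", d("tenant-bootloader")),
    (8, "kernel", d("tenant-kernel-5.x")),
]
EVIL_LOG = [(0, "bios", d("bios-v2.1-bootkit"))] + GOOD_LOG[1:]

POLICY = TenantPolicy(
    allowed={
        "bios": {d("bios-v2.1"), d("bios-v2.0")},
        "bmc_firmware": {d("bmc-v1.4")},
        "bootloader": {d("tenant-bootloader")},
        "kernel": {d("tenant-kernel-5.x")},
    },
    required=frozenset({"bios", "bmc_firmware", "bootloader", "kernel"}),
)
AK_KEY = b"constructed-attestation-key"  # hypothetical, stands in for the TPM AK


def make_quote(events, nonce):
    """Simulate the server's TPM quoting the PCRs that the log produced."""
    pcrs = replay_log(events)
    return Quote(nonce, pcrs, sign_quote(AK_KEY, pcrs, nonce))


def provision(events, nonce=b"tenant-nonce-001"):
    """Tenant challenges the isolated server, then decides on admission."""
    return attest(make_quote(events, nonce), events, POLICY, AK_KEY, nonce)


if __name__ == "__main__":
    print("clean boot:", provision(GOOD_LOG))
    print("bootkit  :", provision(EVIL_LOG))
    print("truncated:", provision(GOOD_LOG[:-1]))
```

The order of checks matters: freshness and signature first, so an attacker cannot replay an old good quote; then log-versus-PCR consistency, so a server cannot present a clean log alongside PCRs produced by something else; only then the policy comparison, which is the part the tenant, not the provider, owns.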
