Policy-sealed data: a new abstraction for building trusted cloud services

Authors: Krishna P. Gummadi, Nuno Santos, Rodrigo Rodrigues, Stefan Saroiu

DOI:

Keywords:

Abstract: Accidental or intentional mismanagement of cloud software by administrators poses a serious threat to the integrity and confidentiality of customer data hosted by cloud services. Trusted computing provides an important foundation for designing cloud services that are more resilient to these threats. However, current trusted computing technology is ill-suited to the cloud, as it exposes too many internal details of the cloud infrastructure, hinders fault tolerance and load-balancing flexibility, and performs poorly. We present Excalibur, a system that addresses these limitations by enabling the design of trusted cloud services. Excalibur provides a new trusted computing abstraction, called policy-sealed data, that lets data be sealed (i.e., encrypted to a customer-defined policy) and then unsealed (i.e., decrypted) only by nodes whose configurations match the policy. To provide this abstraction, Excalibur uses attribute-based encryption, which reduces the overhead of key management and improves the performance of the distributed protocols employed. To demonstrate that Excalibur is practical, we incorporated it in the Eucalyptus open-source cloud platform. Policy-sealed data can give greater confidence to customers that their data is not being mismanaged.

References (38)
Vivek Haldar, Michael Franz, Deepak Chandra. Semantic remote attestation: a virtual machine directed approach to trusted computing. VM'04: Proceedings of the 3rd Conference on Virtual Machine Research and Technology Symposium, Volume 3, pp. 3-3 (2004).
Petros Maniatis, Byung-Gon Chun, Jayanthkumar Kannan. Secure data preservers for web services. USENIX Conference on Web Application Development, pp. 3-3 (2011).
Paul England, Alec Wolman, Talha Bin Tariq, David Robinson, Stefan Saroiu, Himanshu Raj. Credo: Trusted Computing for Guest VMs with a Commodity Hypervisor (2011).
Vitaly Shmatikov, Ann Kilzer, Srinath T. V. Setty, Indrajit Roy, Emmett Witchel. Airavat: security and privacy for MapReduce. Networked Systems Design and Implementation (NSDI), pp. 20-20 (2010). doi:10.5555/1855711.1855731
Andrew G. Miklas, Alec Wolman, Angela Demke Brown, Stefan Saroiu. Bunker: a privacy-oriented platform for network tracing. Networked Systems Design and Implementation (NSDI), pp. 29-42 (2009).
Reiner Sailer, Leendert van Doorn, Trent Jaeger, Xiaolan Zhang. Design and implementation of a TCG-based integrity measurement architecture. USENIX Security Symposium, pp. 16-16 (2004).
Devdatta Akhawe, Petros Maniatis, Kevin Fall, Dawn Song, Elaine Shi, Stephen McCamant. Do you know where your data are? Secure data capsules for deployable data protection. Hot Topics in Operating Systems (HotOS), pp. 22-22 (2011).
Mike Hibler, Eric Eide, Robert Ricci, Cody Cutler. Trusted disk loading in the Emulab network testbed. CSET'10: Proceedings of the 3rd International Conference on Cyber Security Experimentation and Test, pp. 1-8 (2010).
Ronald Perez, Reiner Sailer, Leendert van Doorn. vTPM: virtualizing the trusted platform module. USENIX Security Symposium, pp. 21- (2006).
Krishna P. Gummadi, Nuno Santos, Rodrigo Rodrigues. Towards trusted cloud computing. IEEE International Conference on Cloud Computing Technology and Science, pp. 1-5 (2009).