Securing cryptographic keys in the IaaS cloud model

Authors: E. Damiani, T. Martin, K. Salah, B. AlBelooshi

DOI: 10.1109/UCC.2015.64

Abstract: Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model in which ICT infrastructure, including servers, storage and networking, is supplied on demand in a pay-as-you-go fashion. IaaS providers give their clients virtual machines (VMs) that are controlled by administrators who can run, stop, restore and migrate the VMs. A typical threat is unauthorized access by untrustworthy administrators to users' sensitive information residing in the VMs' memory. In this paper we focus on cryptographic keys being stolen from the RAM of the VMs they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry out encryption/decryption while protecting the keys from peeks on the part of administrators. Our technique does not require modification of the current architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios in which third parties perform encryption/decryption on behalf of data owners.
