Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment

Lei Xu; Jonghyuk Lee; Seung Hun Kim; Qingji Zheng; Shouhuai Xu; Taeweon Suh; Won Woo Ro; Weidong Shi

doi:10.1109/TCC.2015.2511728

Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment

Lei Xu, Jonghyuk Lee, Seung Hun Kim, Qingji Zheng, Shouhuai Xu, Taeweon Suh, Won Woo Ro, Weidong Shi

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

In cloud computing, it is often assumed that cloud vendors are trusted; the guest Operating System (OS) and the Virtual Machine Monitor (VMM, also called Hypervisor) are secure. However, these assumptions are not always true in practice and existing approaches cannot protect the data privacy of applications when none of these parties are trusted. We investigate how to cope with a strong threat model which is that the cloud vendors, the guest OS, or the VMM, or both of them are malicious or untrusted, and can launch attacks against privacy of trusted user applications. This model is relevant because applications may be small enough to be formally verified, while the guest OS and VMM are too complex to be formally verified. Specifically, we present the design and analysis of an architectural solution which integrates a set of components on-chip to protect the memory of trusted applications from potential software and hardware based attacks from untrusted cloud providers, compromised guest OS, or malicious VMM. Full-system performance evaluation results show that the design only incurs 9 percent overhead on average, which is a small performance price that is paid for the substantial security gain.

Original language	English
Pages (from-to)	478-491
Number of pages	14
Journal	IEEE Transactions on Cloud Computing
Volume	6
Issue number	2
DOIs	https://doi.org/10.1109/TCC.2015.2511728
Publication status	Published - 2018 Apr 1

Keywords

architectural support
hypervisor
security
Virtualization

ASJC Scopus subject areas

Software
Information Systems
Hardware and Architecture
Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/TCC.2015.2511728

Cite this

@article{acbb64fb64fc4e8ab8811aae6133905d,

title = "Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment",

abstract = "In cloud computing, it is often assumed that cloud vendors are trusted; the guest Operating System (OS) and the Virtual Machine Monitor (VMM, also called Hypervisor) are secure. However, these assumptions are not always true in practice and existing approaches cannot protect the data privacy of applications when none of these parties are trusted. We investigate how to cope with a strong threat model which is that the cloud vendors, the guest OS, or the VMM, or both of them are malicious or untrusted, and can launch attacks against privacy of trusted user applications. This model is relevant because applications may be small enough to be formally verified, while the guest OS and VMM are too complex to be formally verified. Specifically, we present the design and analysis of an architectural solution which integrates a set of components on-chip to protect the memory of trusted applications from potential software and hardware based attacks from untrusted cloud providers, compromised guest OS, or malicious VMM. Full-system performance evaluation results show that the design only incurs 9 percent overhead on average, which is a small performance price that is paid for the substantial security gain.",

keywords = "architectural support, hypervisor, security, Virtualization",

author = "Lei Xu and Jonghyuk Lee and Kim, {Seung Hun} and Qingji Zheng and Shouhuai Xu and Taeweon Suh and Ro, {Won Woo} and Weidong Shi",

year = "2018",

month = apr,

day = "1",

doi = "10.1109/TCC.2015.2511728",

language = "English",

volume = "6",

pages = "478--491",

journal = "IEEE Transactions on Cloud Computing",

issn = "2168-7161",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment

AU - Xu, Lei

AU - Lee, Jonghyuk

AU - Kim, Seung Hun

AU - Zheng, Qingji

AU - Xu, Shouhuai

AU - Suh, Taeweon

AU - Ro, Won Woo

AU - Shi, Weidong

PY - 2018/4/1

Y1 - 2018/4/1

N2 - In cloud computing, it is often assumed that cloud vendors are trusted; the guest Operating System (OS) and the Virtual Machine Monitor (VMM, also called Hypervisor) are secure. However, these assumptions are not always true in practice and existing approaches cannot protect the data privacy of applications when none of these parties are trusted. We investigate how to cope with a strong threat model which is that the cloud vendors, the guest OS, or the VMM, or both of them are malicious or untrusted, and can launch attacks against privacy of trusted user applications. This model is relevant because applications may be small enough to be formally verified, while the guest OS and VMM are too complex to be formally verified. Specifically, we present the design and analysis of an architectural solution which integrates a set of components on-chip to protect the memory of trusted applications from potential software and hardware based attacks from untrusted cloud providers, compromised guest OS, or malicious VMM. Full-system performance evaluation results show that the design only incurs 9 percent overhead on average, which is a small performance price that is paid for the substantial security gain.

AB - In cloud computing, it is often assumed that cloud vendors are trusted; the guest Operating System (OS) and the Virtual Machine Monitor (VMM, also called Hypervisor) are secure. However, these assumptions are not always true in practice and existing approaches cannot protect the data privacy of applications when none of these parties are trusted. We investigate how to cope with a strong threat model which is that the cloud vendors, the guest OS, or the VMM, or both of them are malicious or untrusted, and can launch attacks against privacy of trusted user applications. This model is relevant because applications may be small enough to be formally verified, while the guest OS and VMM are too complex to be formally verified. Specifically, we present the design and analysis of an architectural solution which integrates a set of components on-chip to protect the memory of trusted applications from potential software and hardware based attacks from untrusted cloud providers, compromised guest OS, or malicious VMM. Full-system performance evaluation results show that the design only incurs 9 percent overhead on average, which is a small performance price that is paid for the substantial security gain.

KW - architectural support

KW - hypervisor

KW - security

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=85048247685&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85048247685&partnerID=8YFLogxK

U2 - 10.1109/TCC.2015.2511728

DO - 10.1109/TCC.2015.2511728

M3 - Article

AN - SCOPUS:85048247685

SN - 2168-7161

VL - 6

SP - 478

EP - 491

JO - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

IS - 2

ER -

Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this