PROTECTING PRIVATE DATA IN THE CLOUD

Lars Rasmusson, Mudassar Aslam

2012

Abstract

Companies that process business-critical and secret data are reluctant to use utility and cloud computing because of the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing, or installing eavesdropping software on, the machine that holds the client’s valuable data. Clients are monitored via machine code probes that are inlined into the clients’ programs at runtime. The system enables the cloud provider to install and remove software probes in the machine code without stopping the client’s program, and it prevents the provider from installing probes not granted by the client.



Paper Citation


in Harvard Style

Rasmusson L. and Aslam M. (2012). PROTECTING PRIVATE DATA IN THE CLOUD. In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-05-1, pages 5-12. DOI: 10.5220/0003895800050012


in Bibtex Style

@conference{closer12,
author={Lars Rasmusson and Mudassar Aslam},
title={PROTECTING PRIVATE DATA IN THE CLOUD},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2012},
pages={5-12},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003895800050012},
isbn={978-989-8565-05-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - PROTECTING PRIVATE DATA IN THE CLOUD
SN - 978-989-8565-05-1
AU - Rasmusson L.
AU - Aslam M.
PY - 2012
SP - 5
EP - 12
DO - 10.5220/0003895800050012

