Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Shielding applications from an untrusted cloud with Haven
Baumann A., Peinado M., Hunt G.  OSDI 2014 (Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation, Broomfield, CO,  Oct 6-8, 2014) 267-283. 2014. Type: Proceedings
Date Reviewed: Feb 23 2015

Cloud computing is a recent model for provisioning commodity hardware with a preinstalled software environment to run a custom software executable, where the provider of the commodity environment has enormous latitude for its provisioning. The term is new and its definition still coalescing, but the provider controls the hardware and software stack. Cloud computing subverts the longstanding tenet that the computing environment is largely trusted, whereas application software is untrustworthy. From the perspective of a custom application running in the cloud, trust in the environment is misplaced, because security guarantees are puny and expensive, and trust is difficult or impossible to enforce and validate.

Very little help in support of a healthy general presumption of mutual distrust between application code and the cloud environment is available. This paper provides a proof-of-concept implementation enabling mutual distrust between a general-purpose, user-level application and its operating environment, even when the user application is written without particular care to validate and enforce trust. This remarkable goal is achieved by embracing and sensibly extending the newly available Intel Software Guard Extensions (SGX) instructions and specification.

Originally, SGX enabled only parts of an application written to take advantage of this feature some degree of execution trust guaranteed by the hardware itself. SGX has limitations precluding the extension of trust to an entire application; for instance, SGX does not allow trust when processing interrupts. Haven succeeded in defining and implementing shielded execution for an entire, unmodified legacy application affording mutual distrust in a working prototype running Microsoft SQL Server and an Apache Web Server. This brilliant accomplishment could be celebrated as a harbinger of trust in the increasingly pervasive cloud computing model.

Reviewer:  A. Squassabia Review #: CR143201 (1506-0492)
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Security and Protection (D.4.6 )
 
 
Cloud Computing (C.2.4 ... )
 
 
Network Communication (D.4.4 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
A survey on malware detection using data mining techniques
Ye Y., Li T., Adjeroh D., Iyengar S.  ACM Computing Surveys 50(3): 1-40, 2017. Type: Article
Sep 22 2017
Predicting cyber attacks with Bayesian networks using unconventional signals
Okutan A., Yang S., McConky K.  CISRC 2017 (Proceedings of the 12th Annual Cyber and Information Security Research Conference, Oak Ridge, TN,  Apr 4-6, 2017) 1-4, 2017. Type: Proceedings
Jun 2 2017
Toward engineering a secure Android ecosystem: a survey of existing techniques
Xu M., Song C., Ji Y., Shih M., Lu K., Zheng C., Duan R., Jang Y., Lee B., Qian C., Lee S., Kim T.  ACM Computing Surveys 49(2): 1-47, 2016. Type: Article
Mar 9 2017
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2017 ThinkLoud, Inc.
Terms of Use
| Privacy Policy