Computing Reviews
Shielding applications from an untrusted cloud with Haven
Baumann A., Peinado M., Hunt G.  OSDI 2014 (Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation, Broomfield, CO,  Oct 6-8, 2014) 267-283. 2014. Type: Proceedings
Date Reviewed: Feb 23 2015

Cloud computing is a recent model for provisioning commodity hardware with a preinstalled software environment to run a custom software executable, where the provider of the commodity environment has enormous latitude for its provisioning. The term is new and its definition is still coalescing, but the provider controls the hardware and software stack. Cloud computing subverts the longstanding tenet that the computing environment is largely trusted, whereas application software is untrustworthy. From the perspective of a custom application running in the cloud, trust in the environment is misplaced, because security guarantees are puny and expensive, and trust is difficult or impossible to enforce and validate.

Very little help is available in support of a healthy general presumption of mutual distrust between application code and the cloud environment. This paper provides a proof-of-concept implementation enabling mutual distrust between a general-purpose, user-level application and its operating environment, even when the user application is written without particular care to validate and enforce trust. This remarkable goal is achieved by embracing and sensibly extending the newly available Intel Software Guard Extensions (SGX) instructions and specification.

Originally, SGX gave only those parts of an application written to take advantage of the feature some degree of execution trust guaranteed by the hardware itself. SGX has limitations precluding the extension of trust to an entire application; for instance, SGX does not allow trust when processing interrupts. Haven succeeded in defining and implementing shielded execution for an entire, unmodified legacy application, affording mutual distrust in a working prototype running Microsoft SQL Server and an Apache Web Server. This brilliant accomplishment could be celebrated as a harbinger of trust in the increasingly pervasive cloud computing model.

Reviewer:  A. Squassabia Review #: CR143201 (1506-0492)
Security and Protection (D.4.6 )
Cloud Computing (C.2.4 ... )
Network Communication (D.4.4 ... )