
Sealed Computation: Abstract Requirements for Mechanisms to Support Trustworthy Cloud Computing

  • Conference paper
Computer Security (SECPRE 2018, CyberICPS 2018)

Abstract

In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is that the confidentiality and integrity of data processing need to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously. In this paper, we propose an approach that avoids having to trust a single entity. Our approach is based on two concepts: (1) the technical abstraction of sealed computation, i.e., a technical mechanism to confine the processing of data within a tamper-proof hardware container, and (2) the additional role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected. We discuss the abstract technical and procedural requirements of these concepts and explain how they can be applied in practice.

Notes

  1. While privacy has many definitions, here we explicitly use the term Privacy and not Confidentiality to emphasize end users’ privacy (as individuals) against the providers and operators of the system (as organizations).

Acknowledgments

The authors would like to thank Nico Döttling, Johannes Götzfried, Tilo Müller and Hubert Jäger for hints and useful comments on earlier versions of this paper. This research is conducted under and supported by the “Privacy&Us” Innovative Training Network (EU H2020 MSCA ITN, grant agreement No. 675730).

Corresponding author

Correspondence to Lamya Abdullah.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Abdullah, L., Freiling, F., Quintero, J., Benenson, Z. (2019). Sealed Computation: Abstract Requirements for Mechanisms to Support Trustworthy Cloud Computing. In: Katsikas, S., et al. Computer Security. SECPRE 2018, CyberICPS 2018. Lecture Notes in Computer Science, vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_9

  • DOI: https://doi.org/10.1007/978-3-030-12786-2_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12785-5

  • Online ISBN: 978-3-030-12786-2

  • eBook Packages: Computer Science, Computer Science (R0)
