Shielding Applications from an Untrusted Cloud with Haven
Thursday, August 7, 2014 - 1:45pm
Authors:
Andrew Baumann, Marcus Peinado, and Galen Hunt, Microsoft Research
Awarded Best Paper
Abstract:
Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data.
We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator's OS, VM and firmware). Our prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, but also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {186173,
author = {Andrew Baumann and Marcus Peinado and Galen Hunt},
title = {Shielding Applications from an Untrusted Cloud with Haven},
booktitle = {11th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 14)},
year = {2014},
isbn = { 978-1-931971-16-4},
address = {Broomfield, CO},
pages = {267--283},
url = {https://www.usenix.org/conference/osdi14/technical-sessions/presentation/baumann},
publisher = {{USENIX} Association},
month = oct,
}
connect with us