Custos: Increasing Security with Secret Storage as a Service

Authors: 

Andy Sayler and Dirk Grunwald, University of Colorado, Boulder

Abstract: 

In the age of cloud computing, securely storing, tracking, and controlling access to digital “secrets” (e.g., private cryptographic keys, hashed passwords, etc.) is a major challenge for developers, administrators, and end-users alike. Yet, the ability to securely store such secrets is critical to the security of the web-connected applications on which we rely. We believe many of the traditional challenges to the secure storage of digital secrets can be overcome through the creation of a dedicated “Secret Storage as a Service” (SSaaS) interface. Such an interface allows us to separate secure secret storage and access control from the applications that require such services. We present Custos: an SSaaS prototype. We describe the Custos design principles and architecture. We also discuss a range of applications in which Custos can be leveraged to store secrets such as cryptographic keys. We compare Custos-backed versions of such applications to the existing alternatives and discuss how Custos and the SSaaS model can improve the security of such applications while still supporting the wide range of features (e.g., multi-device syncing, multi-user sharing, etc.) we have come to expect in the age of the Cloud.

BibTeX
@inproceedings {187034,
author = {Andy Sayler and Dirk Grunwald},
title = {Custos: Increasing Security with Secret Storage as a Service},
booktitle = {2014 Conference on Timely Results in Operating Systems (TRIOS 14)},
year = {2014},
address = {Broomfield, CO},
url = {https://www.usenix.org/conference/trios14/technical-sessions/presentation/sayler},
publisher = {USENIX Association},
month = oct,
}