{"title":"主题演讲III:可信云:如何使云更加安全","authors":"S. Rajamani","doi":"10.1109/MEMCOD.2016.7797757","DOIUrl":null,"url":null,"abstract":"Cloud computing is growing because of cost advantages and convenience it offers to customers. However, security and privacy continue to be major concerns. We wish to guard against a powerful adversary who can compromise the CloudOS, and uses all privileges of the CloudOS to compromise the integrity and confidentiality of user applications. Secure hardware and/or small trusted hypervisors are the main weapons in our arsenal to guard against such powerful adversaries. Secure hardware (such as Intel SGX) enables user mode applications to package code and data into regions that are isolated from all other software running on the machine. Isolated regions can also be implemented with a small trusted hypervisor. However, it is an open research question as to how entire cloud services can be built using trusted hardware as a primitive, while maintaining a small TCB, providing good performance and end-to-end security guarantees. The Trusted Cloud project at Microsoft Research explores ways to answer this question, and it builds on techniques spanning hardware, OS, compilers and verification tools. In this talk, I will describe our efforts on architecting trusted and more secure cloud services using these principles.","PeriodicalId":180873,"journal":{"name":"2016 ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE)","volume":"287 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Keynote talk III: Trusted cloud: How to make the cloud more secure\",\"authors\":\"S. Rajamani\",\"doi\":\"10.1109/MEMCOD.2016.7797757\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing is growing because of cost advantages and convenience it offers to customers. However, security and privacy continue to be major concerns. We wish to guard against a powerful adversary who can compromise the CloudOS, and uses all privileges of the CloudOS to compromise the integrity and confidentiality of user applications. Secure hardware and/or small trusted hypervisors are the main weapons in our arsenal to guard against such powerful adversaries. Secure hardware (such as Intel SGX) enables user mode applications to package code and data into regions that are isolated from all other software running on the machine. Isolated regions can also be implemented with a small trusted hypervisor. However, it is an open research question as to how entire cloud services can be built using trusted hardware as a primitive, while maintaining a small TCB, providing good performance and end-to-end security guarantees. The Trusted Cloud project at Microsoft Research explores ways to answer this question, and it builds on techniques spanning hardware, OS, compilers and verification tools. In this talk, I will describe our efforts on architecting trusted and more secure cloud services using these principles.\",\"PeriodicalId\":180873,\"journal\":{\"name\":\"2016 ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE)\",\"volume\":\"287 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MEMCOD.2016.7797757\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 ACM/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MEMCOD.2016.7797757","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Keynote talk III: Trusted cloud: How to make the cloud more secure
Cloud computing is growing because of cost advantages and convenience it offers to customers. However, security and privacy continue to be major concerns. We wish to guard against a powerful adversary who can compromise the CloudOS, and uses all privileges of the CloudOS to compromise the integrity and confidentiality of user applications. Secure hardware and/or small trusted hypervisors are the main weapons in our arsenal to guard against such powerful adversaries. Secure hardware (such as Intel SGX) enables user mode applications to package code and data into regions that are isolated from all other software running on the machine. Isolated regions can also be implemented with a small trusted hypervisor. However, it is an open research question as to how entire cloud services can be built using trusted hardware as a primitive, while maintaining a small TCB, providing good performance and end-to-end security guarantees. The Trusted Cloud project at Microsoft Research explores ways to answer this question, and it builds on techniques spanning hardware, OS, compilers and verification tools. In this talk, I will describe our efforts on architecting trusted and more secure cloud services using these principles.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
