Campus Event Calendar

Event Entry

What and Who

System Designs for Securing Data and Computations against Administration Threats

Nuno Santos
Max Planck Institute for Software Systems
SWS Student Defense Talks - Thesis Proposal
Public Audience
English

Date, Time and Location

Monday, 19 November 2012
18:00
60 Minutes
E1 5
005
Saarbrücken

Abstract

The modern computing platforms where users store and process security-sensitive data offer few or no defenses against administration threats. In server platforms such as corporate IT and cloud provider infrastructures, a curious or malicious system administrator could easily leak or corrupt the users' data stored there. In mobile platforms (e.g., smartphones), an attacker who manages to escalate to administrative privileges (e.g., after stealing the device) could get at the personal and enterprise data residing on the device.

To protect user data and computations against administration threats, trusted computing systems can be an effective approach: trusted computing software shields user data and computations from the administrator, and trusted computing hardware checks the boot-time integrity of the software binary to assure users that the software's security properties hold. However, applying this technique to server and mobile platforms is challenging. Trusted computing hardware raises scalability and security concerns when applied to multi-node environments, such as cloud infrastructures. In addition, existing trusted computing software significantly limits administrators' ability to maintain the systems (e.g., installing packages and kernel modules), and offers application developers only low-level programming abstractions, which make application development cumbersome.

In this thesis, we present three systems aimed at addressing these challenges. First, we propose Excalibur, a system that provides support for building trusted cloud services by retrofitting commodity trusted computing hardware to cloud infrastructures; it exposes simple primitives that restrict access to user data by the provider's cloud nodes based on a user-defined policy. Second, we present an OS design model, named the broker security model, and a proof-of-concept OS, BrokULOS, that shows how to design a Linux-based OS that can provide information security while letting the administrator perform the management tasks required to keep the system operational. Third, we propose the Trusted Language Runtime (TLR), trusted computing software that exposes high-level abstractions for developing trusted applications for smartphones; the TLR depends on a small trusted computing base by taking advantage of ARM TrustZone technology and the .NET Micro Framework.
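The following sketch is an added illustration of the kind of primitive the abstract attributes to Excalibur: data is sealed under a user-chosen policy over node attributes, and a node only obtains the plaintext if the attributes it was attested with satisfy that policy. It is not code from the thesis or from Excalibur, whose actual mechanism this page does not describe. The single trusted monitor, the attribute names ("region", "hypervisor"), the hash-based toy stream cipher and the `weaken_policy` attack are all assumptions made for the example; in a real deployment the attested attributes would come from hardware-backed attestation of each node rather than a dict passed in by the caller.

```python
"""Toy model of policy-sealed data for cloud nodes (standard library only).

Added example, not Excalibur's implementation: monitor design, attribute names
and the SHA-256 counter-mode "cipher" are assumptions made for illustration."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class SealedBlob:
    policy: dict        # attribute -> value a node must have been attested with
    nonce: bytes
    ciphertext: bytes
    tag: bytes          # HMAC over policy, nonce and ciphertext


def _canonical(policy: dict) -> bytes:
    # Deterministic encoding so the same policy always derives the same key.
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256; illustrative only, not a real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Monitor:
    """Trusted component holding the master secret and enforcing policies.

    The attested attributes it checks are passed in as a constructed dict here;
    a real system would obtain them from hardware attestation of the node."""

    def __init__(self) -> None:
        self._master = os.urandom(32)

    def _policy_key(self, policy: dict) -> bytes:
        # The data key is derived from the policy itself, so a blob re-labelled
        # with a weaker policy derives a different key and cannot be decrypted.
        return hmac.new(self._master, _canonical(policy), hashlib.sha256).digest()

    def _tag(self, key: bytes, policy: dict, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(key, _canonical(policy) + nonce + ct, hashlib.sha256).digest()

    def seal(self, data: bytes, policy: dict) -> SealedBlob:
        key = self._policy_key(policy)
        nonce = os.urandom(16)
        ct = _xor(data, _keystream(key, nonce, len(data)))
        return SealedBlob(policy, nonce, ct, self._tag(key, policy, nonce, ct))

    def unseal(self, blob: SealedBlob, attested: dict) -> bytes:
        # 1. Every attribute the policy names must match the node's attested value.
        for attr, required in blob.policy.items():
            if attested.get(attr) != required:
                raise PermissionError(f"node attribute {attr!r} does not satisfy policy")
        # 2. The blob must be intact and its policy the one it was sealed under.
        key = self._policy_key(blob.policy)
        expected = self._tag(key, blob.policy, blob.nonce, blob.ciphertext)
        if not hmac.compare_digest(expected, blob.tag):
            raise ValueError("sealed blob or its policy was tampered with")
        return _xor(blob.ciphertext, _keystream(key, blob.nonce, len(blob.ciphertext)))


def weaken_policy(blob: SealedBlob) -> SealedBlob:
    # What a malicious administrator might try: keep the ciphertext but strip
    # the policy so that any node appears to satisfy it.
    return SealedBlob({}, blob.nonce, blob.ciphertext, blob.tag)


if __name__ == "__main__":
    monitor = Monitor()
    policy = {"region": "EU", "hypervisor": "xen-4.1"}      # made-up attribute names
    blob = monitor.seal(b"customer records", policy)
    good_node = {"region": "EU", "hypervisor": "xen-4.1", "node_id": 7}
    bad_node = {"region": "US", "hypervisor": "xen-4.1", "node_id": 9}
    print(monitor.unseal(blob, good_node))
    for attempt in (lambda: monitor.unseal(blob, bad_node),
                    lambda: monitor.unseal(weaken_policy(blob), bad_node)):
        try:
            attempt()
        except (PermissionError, ValueError) as exc:
            print("rejected:", exc)
```

The point worth noticing is the second check in `unseal`: because the data key is derived from the canonical policy, an administrator who strips or rewrites the policy on a stored blob passes the attribute comparison but fails the integrity check, since the re-derived key no longer matches the one the tag was computed under.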

Contact


Carina Schmitt, 02/14/2013 16:47
Maria-Louise Maggio, 02/13/2013 11:07 -- Created document.