Protection of Mission-Critical Applications from Untrusted Execution Environments
ABSTRACT
The computing environment has changed significantly in the past few years. Instead of relying on a local physical host for computing tasks, companies, government organizations and personal users have all begun to take advantage of the emerging cloud computing infrastructure to improve their computing performance and experiences. How to provide a secure and fault-resilient environment in this new cloud era has become a great challenge for computer science researchers and practitioners in both academia and industry. We have been taking a two-pronged approach. First, we extend our SP3 protection system to better support recent computer architectures so that the secrecy and integrity of user applications' data are protected against potentially compromised operating systems running on users' local physical hosts, on cloud computing facilities, or on both. Second, we find that cloud management stacks have a significant impact not only on the performance and functionality of the cloud environment, but also on the security and fault-resilience of the cloud. To meet this challenge, we have designed and implemented a prototype diagnostic tool that uses a new logging framework of OpenStack, a popular open-source cloud management stack, and we demonstrate its usefulness via bug/fault detection in some virtual machine provisioning scenarios. Combining local physical host protection with high-level cloud management stack hardening techniques, we are working toward the construction of a more secure and fault-resilient computing environment.