Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Ying Chen,Qingni Shen,Pengfei Sun,Yangwei Li,Zhong Chen,Sihan Qing

DOI: https://doi.org/10.1109/IPDPSW.2012.275

2012-01-01

Abstract:Infrastructure as a Service (IaaS), basically consists on the deliverance of virtual machines (VMs) to an IaaS provider, who can rise or shrink the number of VMs so as to offer fast and easy scalability according to variable workloads. However, according to the principle of Buckets Effect, the safety of the entire system relies on its most fragile component. This problem also exists in IaaS cloud. There are many VMs which co-exist in the same physical machine, but they may adopt different security protection. So this could lead VMs with the higher security requirement degrade to the lowest security level. In order to address these issues, we propose Trusted Cloud based on Security Level (TCSL), which is an integrated, secured and trusted architecture based on logical VMs' union, to separate the VMs with different sensitive and security needs from the whole cloud environment, and to meet different customer's security requirements. Experimental results demonstrate that these approaches are effective in isolating the resources with the same security requirements in a shared trusted zone which is built based on different security level. When resources need to migrate to the trusted zone, the Reliable Migration Policies will be automatically enforced and match the migrating resource to an applicable trusted zone in cloud or return a feedback concerning a suggestion. With Reliable Migration Protocol, the secure process of the migrating transaction can be guaranteed in IaaS cloud.

Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Sandeep Kumar,Abhisek Panda,Smruti R. Sarangi

2024-07-31

Abstract:Live migration of applications and VMs in data centers is an old and quintessential problem. In this large body of work, an important open problem still remains, which is the migration of secure enclaves (sandboxes) running on trusted execution environments (TEEs) like Intel SGX. Here, the decade-old stop-and-copy-based method is used, in which the entire application`s execution is stopped and the state is collected and transferred. This method has an exceedingly long downtime when we consider enclaves with large memory footprints. Better solutions have eluded us because of some design limitations posed by TEEs like Intel SGX, such as the opacity of data within enclaves (not visible to the OS/hypervisor) and the lack of mechanisms to track writes on secure pages. We propose a new technique, OptMig, to circumvent these limitations and implement secure enclave migration with a near-zero downtime. We rely on a short compiler pass and propose a novel migration mechanism. Our optimizations reduce the total downtime by 77-96% for a suite of Intel SGX applications that have multi-GB memory footprints. We show results for our system on a real cloud and in settings that use containers, VMs, and microVMs

Cryptography and Security

Andrew Machen,Shiqiang Wang,Kin K. Leung,Bong Jun Ko,Theodoros Salonidis

DOI: https://doi.org/10.1109/MWC.2017.1700011

2017-08-02

Abstract:Mobile edge clouds (MECs) bring the benefits of the cloud closer to the user, by installing small cloud infrastructures at the network edge. This enables a new breed of real-time applications, such as instantaneous object recognition and safety assistance in intelligent transportation systems, that require very low latency. One key issue that comes with proximity is how to ensure that users always receive good performance as they move across different locations. Migrating services between MECs is seen as the means to achieve this. This article presents a layered framework for migrating active service applications that are encapsulated either in virtual machines (VMs) or containers. This layering approach allows a substantial reduction in service downtime. The framework is easy to implement using readily available technologies, and one of its key advantages is that it supports containers, which is a promising emerging technology that offers tangible benefits over VMs. The migration performance of various real applications is evaluated by experiments under the presented framework. Insights drawn from the experimentation results are discussed.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Qingni Shen,Lizhe Zhang,Xin Yang,Yahui Yang,Zhonghai Wu,Ying Zhang

DOI: https://doi.org/10.1109/dasc.2011.114

2011-01-01

Abstract:With the development of cloud computing, cloud security issues have recently gained traction in the research community. Although much of the efforts are focused on securing the operation system and virtual machine, or securing data storage inside a cloud system, this paper takes an alternative perspective to cloud security-the security of data migration between different clouds. First, we describe some threats when we are doing data migration. Second, we propose a security mechanism to deal with the security issues on data migration from one cloud to another. Third, we design a prototype to give the mechanism a brief implementation based on HDFS (Hadoop Distributed File System) and we do a series of tests to evaluate our prototype. Here, the solutions to securing data migration between clouds mainly involve in SSL negotiation, migration ticket design and block encryption in distributed file system and cluster parallel computing.

Wenhao Wang,Linke Song,Benshan Mei,Shuang Liu,Shijun Zhao,Shoumeng Yan,XiaoFeng Wang,Dan Meng,Rui Hou

2024-10-24

Abstract:Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.9\times$ -- $2.1\times$ higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.

Cryptography and Security,Hardware Architecture

Jinyu Gu,Bojun Zhu,Yubin Xia,Binyu Zang,Haibing Guan,Haibo Chen,Xinyu Wu

DOI: https://doi.org/10.1109/tc.2020.3019704

IF: 3.183

2020-01-01

IEEE Transactions on Computers

Abstract:The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD's SEV and, Enclavisor is placed in the guest kernel mode of SEV's secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

engineering, electrical & electronic,computer science, hardware & architecture

Juhyeng Han,Seongmin Kim,Taesoo Kim,Dongsu Han

DOI: https://doi.org/10.1145/3342559.3365335

2019-01-01

Abstract:The hardware security module (HSM) has been used as a root of trust for various key management services. At the same time, rapid innovation in emerging industries, such as container-based microservices, accelerates demands for scaling security services. However, current on-premises HSMs have limitations to afford such demands due to the restricted scalability and high price of deployment. This paper presents ScaleTrust, a framework for scaling security services by utilizing HSMs with SGX-based key management service (KMS) in a collaborative, yet secure manner. Based on a hierarchical model, we design a cryptographic workload distribution between HSMs and KMS enclaves to achieve both the elasticity of cloud software and the hardware-based security of HSM appliances. We demonstrate practical implications of ScaleTrust using two case studies that require secure cryptographic operations with low latency and high scalability.

Gokul Narayanan,Saravanaguru Kannan

DOI: https://doi.org/10.34028/iajit/21/1/15

2024-01-01

The International Arab Journal of Information Technology

Abstract:Virtual Machine (VM) migration in cloud computing is essential to accomplishing various resource management goals, such as load balancing, power management, and resource sharing. Ensuring Quality of Service (QoS) is crucial while migrating VMs, which means that VMs must run continuously during the procedure. The dynamic nature of resource requirements in cloud computing, driven by “service-on-demand,” poses security risks, even while live VM migration mechanisms help to maintain VM availability. This paper addresses changing resource requirements and improves overall system security by introducing a novel method for safe live VM migration. In this paper, a robust optimization approach has been proposed for live VM migration named the Gorilla-based Shuffled Shepherd Optimization Approach (GBSSOA). The proposed approach maximizes the number of fitness targets, such as migration time, QoS parameters, and job runtime. The method takes into account trust values in addition to the previously described performance measures, with a focus on security. Key performance indicators QoS as workload, migration time, trust, and GBSSOA-based secure live VM migration are taken into account during the evaluation. The obtained values of 0.141, 0.654, 342.254ms, and 0.569, respectively, show noteworthy accomplishments in the results. These results highlight how well the strategy developed may simultaneously improve performance metrics and strengthen the security of live VM migration in dynamic cloud computing environments.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Yoshimichi Nakatsuka,Ercan Ozturk,Alex Shamis,Andrew Paverd,Peter Pietzuch

DOI: https://doi.org/10.48550/arXiv.2205.15359

2022-05-30

Cryptography and Security

Abstract:Hardware-based Trusted Execution Environments (TEEs) are becoming increasingly prevalent in cloud computing, forming the basis for confidential computing. However, the security goals of TEEs sometimes conflict with existing cloud functionality, such as VM or process migration, because TEE memory cannot be read by the hypervisor, OS, or other software on the platform. Whilst some newer TEE architectures support migration of entire protected VMs, there is currently no practical solution for migrating individual processes containing in-process TEEs. The inability to migrate such processes leads to operational inefficiencies or even data loss if the host platform must be urgently restarted. We present CTR, a software-only design to retrofit migration functionality into existing TEE architectures, whilst maintaining their expected security guarantees. Our design allows TEEs to be interrupted and migrated at arbitrary points in their execution, thus maintaining compatibility with existing VM and process migration techniques. By cooperatively involving the TEE in the migration process, our design also allows application developers to specify stateful migration-related policies, such as limiting the number of times a particular TEE may be migrated. Our prototype implementation for Intel SGX demonstrates that migration latency increases linearly with the size of the TEE memory and is dominated by TEE system operations.

Chenlin Huang,Wei Chen,Lu Yuan,Yan Ding,Songlei Jian,Yusong Tan,Hua Chen,Dan Chen

DOI: https://doi.org/10.1016/j.jpdc.2020.11.002

IF: 4.542

2021-03-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the rise of concerns over security and privacy in the cloud, the "security-on-demand" service mode dynamically provides cloud customers with trusted computing environments according to their specific security needs. Major challenges, however, remain to achieve this goal: (1) integrating an auditable, tamper-resistant trust-management mechanism into the cloud infrastructure and (2) building a protocol to guarantee the consistency of customers' policies during virtual machine (VM) migrations. This study develops a new security-on-demand framework called a "policy-customized trusted cloud service" (PC-TCS) architecture that comprises two core components: an attribute-based signature (ABS)-based remote-attestation scheme to achieve trusted remote attestation with customized security policies and an ABS- and blockchain-based VM-migration protocol to support policy-customized trusted migration. To prove the availability of this architecture, we implemented a PC-TCS prototype based on Xen Hypervisor, the results of which indicate that (1) PC-TCS can be integrated into cloud infrastructure as part of a trusted computing base; (2) cloud users can customize the security policies of computing environments and validate their enforcement throughout the service life-cycle with the support of PC-TCS; and (3) PC-TCS can support policy-customized remote attestation and policy-customized migration with a minimal impact on performance.</p>

computer science, theory & methods

Shengsheng Yao,Mingwei Xu,Qi Li,Jiahao Cao,Qiyang Song

DOI: https://doi.org/10.1109/globecom38437.2019.9013473

2019-01-01

Abstract:To reduce the management costs, outsourcing network function (NF) to the cloud becomes prevalent in enterprises. This trend is increasing with the advent of network function virtualization (NFV). However, such outsourcing cannot guarantee the order and security of service function chains(SFCs) as the cloud is susceptible to attacks. In this paper, we introduce credible SFC (cSFC), a practical scheme to build secure service function chains on the untrusted cloud, cooperating with encrypted transport protocols. cSFC simultaneously shields NFs from an untrusted cloud and preserves the order of SFC sequence. Meanwhile, this scheme supports a wide range of NF functionalities and preserves the privacy of session data. We implement the cSFC prototype, and the evaluation result shows that it is practical with acceptable performance.

Dimitrios Zissis,Dimitrios Lekkas

DOI: https://doi.org/10.1016/j.future.2010.12.006

IF: 7.307

2012-03-01

Future Generation Computer Systems

Abstract:The recent emergence of cloud computing has drastically altered everyone’s perception of infrastructure architectures, software delivery and development models. Projecting as an evolutionary step, following the transition from mainframe computers to client/server deployment models, cloud computing encompasses elements from grid computing, utility computing and autonomic computing, into an innovative deployment architecture. This rapid transition towards the clouds, has fuelled concerns on a critical issue for the success of information systems, communication and information security. From a security perspective, a number of unchartered risks and challenges have been introduced from this relocation to the clouds, deteriorating much of the effectiveness of traditional protection mechanisms. As a result the aim of this paper is twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. The solution, presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.

Mingxing Zhou,Peng Xiao,Qixu Wang,Shuhua Ruan,Xingshu Chen,Menglong Yang

DOI: https://doi.org/10.32604/cmes.2023.028612

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Due to the need for massive device connectivity, low communication latency, and various customizations in 6G architecture, a distributed cloud deployment approach will be more relevant to the space-air-ground-sea integrated network scenario. However, the openness and heterogeneity of the 6G network cause the problems of network security. To improve the trustworthiness of 6G networks, we propose a trusted computing-based approach for establishing trust relationships in multi-cloud scenarios. The proposed method shows the relationship of trust based on dual-level verification. It separates the trustworthy states of multiple complex cloud units in 6G architecture into the state within and between cloud units. Firstly, SM3 algorithm establishes the chain of trust for the system’s trusted boot phase. Then, the remote attestation server (RAS) of distributed cloud units verifies the physical servers. Meanwhile, the physical servers use a ring approach to verify the cloud servers. Eventually, the centralized RAS takes one-time authentication to the critical evidence information of distributed cloud unit servers. Simultaneously, the centralized RAS also verifies the evidence of distributed RAS. We establish our proposed approach in a natural OpenStack-based cloud environment. The simulation results show that the proposed method achieves higher security with less than a 1% system performance loss.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Wuyang Zhang,Yi Hu,Yanyong Zhang,Dipankar Raychaudhuri

DOI: https://doi.org/10.1109/cloudcom.2016.0061

2016-01-01

Abstract:Edge cloud computing moves cloud services to the edge of the network, thereby allowing clients to access services with a significantly reduced network delay. This service migration is intended to enable a range of latency sensitive mobile applications. In this paper, we propose to manage user QoS by actively migrating services to different edge clouds in response to degraded server or network performance. Previous studies have proposed a distance-based Markov Decision Process (MDP) for optimizing migration decisions. These models provide the feasibility of applying MDP to edge cloud service migration decisions. However, these models fail to consider dynamic network and server states in migration decisions. In this work, we address these limitations by designing a comprehensive edge cloud migration decision system, which we call SEGUE. SEGUE achieves optimal migration decisions by providing a long-term optimal QoS to mobile users in the presence of link quality and server load variation. The basis of SEGUE is in its QoS-aware service migration and its state based MDP model which effectively incorporates the two dominant factors in making migration decisions: 1) network state, and 2) server state. An evaluation of SEGUE performance is given through an augmented reality application. Our results demonstrate that SEGUE reduces the response time of this application by 27.21% and 53.70% compared to the lowest load migration model and the least hop migration model, respectively.

Anna Galanou,Khushboo Bindlish,Luca Preibsch,Yvonne-Anne Pignolet,Christof Fetzer,Rüdiger Kapitza

2024-02-23

Abstract:Confidential computing alleviates the concerns of distrustful customers by removing the cloud provider from their trusted computing base and resolves their disincentive to migrate their workloads to the cloud. This is facilitated by new hardware extensions, like AMD's SEV Secure Nested Paging (SEV-SNP), which can run a whole virtual machine with confidentiality and integrity protection against a potentially malicious hypervisor owned by an untrusted cloud provider. However, the assurance of such protection to either the service providers deploying sensitive workloads or the end-users passing sensitive data to services requires sending proof to the interested parties. Service providers can retrieve such proof by performing remote attestation while end-users have typically no means to acquire this proof or validate its correctness and therefore have to rely on the trustworthiness of the service providers. In this paper, we present Revelio, an approach that features two main contributions: i) it allows confidential virtual machine (VM)-based workloads to be designed and deployed in a way that disallows any tampering even by the service providers and ii) it empowers users to easily validate their integrity. In particular, we focus on web-facing workloads, protect them leveraging SEV-SNP, and enable end-users to remotely attest them seamlessly each time a new web session is established. To highlight the benefits of Revelio, we discuss how a standalone stateful VM that hosts an open-source collaboration office suite can be secured and present a replicated protocol proxy that enables commodity users to securely access the Internet Computer, a decentralized blockchain infrastructure.

Cryptography and Security,Distributed; Parallel; and Cluster Computing