The problem is that, current cloud computing infrastructure only to protect the privileged code from the untrusted code, and does nothing to protect user's data from being accessed by privileged code.
To tickle this problem, the authors proposed their system called "Haven" for data protection. Basically, Haven tries to provide a cloud computing security level equivalent to a user operating their own hardware in a locked cage.
The nugget of Haven is to leverage Intel SGX ( software guard extensions) and build shielded execution on top of it. By doing so, it provide privilege code and physical attacks. In addition, since SGX cannot provide enough protection by using "isolation alone" technique.
Different from previous works, Haven is the first system to achieve shielded execution of unmodified legacy applications, which includes SQL Sever andApache on a OS and hardware.
Even though Haven can provide security data processing with the adversary has full control over physical package of the processor, currently Haven cannot protect user's data processing from any side-channel attacks.
I think Haven could still have impact since the data security issue over the cloud is become more and more important for people who use cloud services.
No comments:
Post a Comment