Upload File

vc3: trustworthy data analytics in the cloud using sgx · software stack in a cloud provider’s...

  • Home
  • Documents
  • VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when
18
VC3: Trustworthy Data Analytics in the Cloud using SGX Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis ´ Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich Microsoft Research

Upload: others

Post on 15-Aug-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

VC3: Trustworthy Data Analytics in the Cloud using SGX

FelixSchuster∗,ManuelCosta,CedricFournet,ChristosGkantsidis´MarcusPeinado,GloriaMainar-Ruiz,MarkRussinovich

MicrosoftResearch

Page 2: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Outline

•  Introduction•  Background•  DesignOverview•  JobDeployment•  JobExecutionandVerification•  RegionalSelf-Integrity•  Implementation•  Evaluation•  RelatedWork•  Conclusion

Page 3: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Introduction

• Cloudprovidersallowcomputersintodatacentersandmakethemavailableon-demand• Usershavetheabilitytorentoutcomputingcapacitytorunlarge-scaledistributedcomputationsbasedonframeworkslikeMapReduce• Amajorconcernforusersistheabilitytotrustthecloudproviderwiththeircodeanddata

Page 4: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Introduction (cont’d)

• Concerns:•  Singlemaliciousinsiderwithadminaccessinthecloudcanleakormanipulatesensitiveuserdata•  Externalattackersattempttoaccessdata(e.g.exploitvulnerabilitiesinanOS)•  Externalattackersmaytamperwithusers’computations

• CloudUserExpectations•  Confidentialityandintegrityforbothcodeanddata•  Verifiabilityofexecutionofthecodeoverdata

• MultipartycomputationtechniquesmayaddressthesedemandsusingFullyHomomorphicEncryption(FHE)•  However,FHEisnotefficientformostcomputations

Page 5: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Introduction (cont’d)

• VerifiableConfidentialCloudComputing(VC3)•  AsystemthatallowsuserstorunMapReducecomputationsinthecloudwhilekeepingtheircodeanddatasecretandensuringcorrectnessandcompletenessoftheirresults

•  ThreatModel•  Powerfulattackersthatmayhavetheabilitytocontrolthewholecloudproviderssoftwareandhardwareinfrastructure

•  ToolsUsed•  TrustedSGXprocessors•  RananunmodifiedHadoop

Page 6: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Introduction (cont’d)

• Challenges:•  PartitionthesystemintotrustedanduntrustedpartstominimizeitsTCB•  Guaranteeintegrityforthewholedistributedcomputation•  Protectthecoderunningintheisolatedmemoryregionsfromattacksduetounsafememoryaccesses

Page 7: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Background

• MapReduce•  Apopularprogrammingmodelforprocessinglargedatasets:userswritemapandreducefunctions,andexecutionoffunctionsisautomaticallyparallelizedanddistributed

•  IntelSGX•  Setofx86-64ISAextensions

•  Setsupprotectedexecutionenvironments(calledenclaves)withoutrequiringtrustinanythingbutprocessorandcodeputintheenclaves

Page 8: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Adversary Model

• Awareofexternalattackersthatmaytrytocontroltheentiresoftwarestackinacloudprovider’sinfrastructure,includingthehypervisorandOS• AssumetheattackerisunabletophysicallyopenandmanipulatetatleasttheSGX-enabledprocessorpackages

Page 9: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Design Overview

• Goal:Maintainconfidentialityandintegrityofcodeanddata• ResearchersdesignedVC3toachievegoodperformanceandkeeplargesoftwarecomponentsoutoftheTCB• VC3allowsuserstoimplementMapReducejobsbywriting,testing,anddebuggingmapandreducefunctions• Whenmapandreducefunctionsarereadyforproduction,userscompileandencryptthecode,andobtainaprivateenclaveE-code•  Inthecloud,enclavescontainingE-andE+areinitializedandl

Page 10: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Design Overview

Page 11: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Job Deployment

• Afterthedeploymentofauserscodetothecloud,cryptographicprotocolsareexchangedandtheactualMapReducejobexecutionstarts• CloudAttestation

•  SGXremoteattestationforenclavesisachievedthroughquotesissuedbyQE•  Threatmodelexcludesphysicalattacks,todefendagainstsuchattacks,theyusedanadditionalCloudQE•  CloudQEwascreatedbythecloudproviderwhenanewSGX-enabledsystemiscreated

Page 12: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Job Deployment

• KeyExchange•  ToexecuteMapReducejobs,enclavesneedtogetkeystodecrypttheresults•  ResearcherscreatedtheirownkeyexchangeprotocolwhichisdesignedtoimplementaconventionalMapReducejobthatworkswithHadoop

Page 13: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Job Execution & Verification

• Keyexchangesandencryptioncodewillhelpcodeanddatabesafefromattacks• ResearchershavetoencryptdatainaMapReducejobandthiscapabilityneedstoworkwithinHadoop

Page 14: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Region Self-Integrity

•  Finalaspectofdesignistoenforcearegionofself-integrityforusercodeloadedintoenclaves•  Establishefficientcommunicationchannels

•  Leadstoabroadenattacksurfaceonenclaves•  Twosolutions:

•  Region-write-integrity•  Region-read-write-integrity

Page 15: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Discussion

•  SeveralAttackScenarios:•  InformationLeakage

•  OnebasicprincipleofMapReduceisthatkey-valuepairswiththesamekeyneedtobeprocessedbythesamereducer

•  Anetworkattackercancountthenumberofpairsbeingdeliveredandchangethepairs•  ReplayAttacks

•  AttackerscantrytofullyorpartiallyreplayapastMapReducejob

Page 16: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Implementation

• VC3wasimplementedusingC++forWindows64-bitandHDInsightdistributionofHadoop•  SGXEmulation

•  ResearchersimplementedVC3inanSGXEmulatorwhichwassuccessful•  Aswell,createdtheirownemulator,howevertheemulatordoesnotprovidesecurityguarantees

Page 17: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Evaluation

• Researcherschoseamixofreal-worldapplicationsandbenchmarkstoevaluatetheVC3system•  ThefollowingtableshowstheapplicationsusedtoevaluateVC3

Page 18: VC3: Trustworthy Data Analytics in the Cloud using SGX · software stack in a cloud provider’s infrastructure, including the ... • Cloud QE was created by the cloud provider when

Conclusion

• VC3createdasanapproachfortheverifiableandconfidentialexecutionofMapReducejobsinuntrustedcloudenvironments• VC3isabletobesuccessfulimplementedandhasstrongsecurityguarantees• VC3isabletoachievesecurecloudcomputations


SERVICE PROVIDER’S MANUAL - JICA

Technical Report MSR-TR-2014-39 · 2014-12-17 · Technical Report MSR-TR-2014-39 VC3: Trustworthy Data Analytics in the Cloud Felix Schuster*, Manuel Costa, Cedric Fournet, Christos

Provider’s Perspective on the Future

SYLLABUS 2020 - vc3.vatelconnect.com

WHITE PAPER CLOUD-ENABLED CORE BANKING...Cloud-based core banking means migrating the bank’s core to a cloud provider, to exploit the provider’s computing, tooling and operations

How will AB 32 -Global Warming Solutions Act - Affect ...vric.ucdavis.edu/ucd-access/VC3 workgroup/vc3-2008-09...1 How will AB 32 -Global Warming Solutions Act - Affect California

EPO2day 2019 VC3 CII

Identity in the Cloud Use Cases Version 1.0 · Web viewBased on policy, the authentication process between the Enterprise User providing credentials, the Cloud Provider’s Application

Jim Thompson, POSTHARVEST SPECIALISTS …vric.ucdavis.edu/ucd-access/VC3 workgroup/vc3-2008-09/2009 VC3 1e... · • Postharvest diseases • Mechanical injury • PHOTOS 140 Fruits

A PROVIDER’S GUIDE TO PUTTING THE HCBS RULE INTO …A PROVIDER’S GUIDE TO PUTTING THE HCBS RULE INTO PRACTICE . This provider’s guide contains informational guidance, best practices

CLOUD SERVICE REVENUE MANAGEMENT...provider’s revenue. Thus, it is necessary to take a closer look at the requirements and the basic underlying decision problem that cloud providers

Miscellaneous Design, SAS questionsvric.ucdavis.edu/ucd-access/VC3 workgroup/vc3-2008-09/2009 VC3 7a... · –Pontius Pilate • Removing outliers ... (Taylor) Polynomial curve fitting

Mobility: Achievements and Challenges · Cloud Computing summary Service Models Software as a Service (SaaS) Consumer can use the provider’s applications running on a cloud Applications

Democratize Serverless Platform With Knative · 2019. 9. 12. · cloud provider’s serverless platform. Two built-in types: - Concurrency based autoscaler - CPU usage based autoscaler

Data-Intensive Distributed Computing - Roegiest · Serverless Architectures Doesn’t mean you don’t have servers Just that managing them is the cloud provider’s problem Write

Ruppa K. Thulasiram Slide 1/24 Resource Provisioning Policies to Increase IaaS Provider’s Profit in a Federated Cloud Environment Adel Nadjaran Toosi *,

NEGOTIATING FOR CLOUD SERVICES · Do you see the integration of various cloud service offerings as part of common business solutions: 10 Buyer’s Perspective Provider’s Perspective

VC3: Trustworthy Data Analytics in the Cloud Using Intel SGX

VC3: Trustworthy Data Analytics in the Cloud using SGXwebpages.eng.wayne.edu/~fy8421/18fa-csc6991/slides/shikha-vc3.pdf · Microsoft Research Outline • Introduction • Background

Citrix Workspace Cloud Oct15 - Amazon Web Services...Traditional Citrix products Lifecycle Management Service App and Desktop Service Mobility Service Secure Document Service Provider’s

Securing Cloud-assisted Services5 Securing cloud storage Client-side encryption of user data is desirable But naïve client-side encryption conflicts with • Storage provider’s

SHELTER FROM THE STORM - Bedell · In the cloud, the location of the provider’s data centres may have consequences for a business. If the cloud that hosts your data has servers

Colin Gover - Marina View School [email protected] Load VC3

Powering the Cloud-Based HPC Revolution - Ansys€¦ · They must work with a public cloud provider, create an account and install software to run on the cloud provider’s hardware

Understanding The Cloud Services Provider · 2019-12-12 · Make sure your provider’s business model aligns with its cloud strategy road map, and have a tactical plan to fill in

Shielding applications from an untrusted cloud...•We assume a malicious cloud provider •Convenient proxy for real threats •All the provider’s software is malicious •Hypervisor,

Identity in the Cloud Gap Analysis Version 1.0docs.oasis-open.org/id-cloud/IDCloud-gap/v1.0/cnprd01/ID... · Web viewThe Cloud Provider’s Identity Mgmt. System is able to handle

LAW IN THE DIGITAL AGE TECHNOLOGY S IMPACT ON … · Counsel must consider all of those factors before selecting a cloud-based provider. Consultation of the cloud-based provider’s

Understanding Your Cloud Service Provider’s BAA

Cloud Computing; - Chapters Site · Cloud Computing; What is it, ... – The Developer’s Cloud / Develop and deploy applications you created or acquired using the PaaS provider’s

VC3: Trustworthy Data Analytics in the Cloud using SGX

provider’s periodic

Single Sign-On for Forcepoint Web Security Cloud · Single Sign-On for Forcepoint Web Security Cloud 4 c. If applicable, add the identity provider’s hostnames as non-proxied domains

Cloud Services and Security Spotlight - VITA · percent of respondents use their cloud provider’s security tools and 35 percent deploy third-party security software to ensure the

Selected Topics in Cloud Computing - michiard/teaching/slides/clouds/cloud...Cloud Software as a Service \ 匀愀愀匀尩. The capability provided to the consumer is to use the provider’s