Cloud Security. 李芮, 蒋希坤, 崔男. April 2018
Contents: 1 Cloud data; 2 TenantGuard; 3 A Data Oblivious File System for Intel SGX
Concerns: Where is the data? Who has access? Do you have the right to audit? Can anyone else see it? Could the data be duplicated?
Topics covered: data privacy, cloud virtual networks, verification. References:
– Liang K, Su C, Chen J, et al. Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data. ACM Asia Conference on Computer and Communications Security. ACM, 2016: 83-94.
– Majumdar S, Wang Y, Madi T, et al. TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation. Network and Distributed System Security Symposium (NDSS), 2017.
– Ahmad A, Kim K, Sarfaraz MI, et al. OBLIVIATE: A Data Oblivious File System for Intel SGX. Network and Distributed System Security Symposium (NDSS), 2018.
Cloud data: homomorphic encryption (for cloud computing); cloud data share and cloud data search (cloud-based encrypted data)
What is homomorphic encryption? A way to delegate processing of your data without giving away access to it. [Gen09]
Example for homomorphic encryption: application to cloud computing, processing data without being given access to it.
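As an added example (not part of the slides), the delegation idea in code: a toy Paillier scheme in which the cloud adds and scales encrypted values with only the public key, and only the client, holding the private key, can read the result. The function names and the toy primes are chosen here; a real deployment would use large random primes.

```python
# Added example (not from the slides): Paillier additive homomorphic encryption;
# the cloud computes on ciphertexts, only the client can decrypt. Toy primes used.
import secrets
from math import gcd

def _L(u, n):
    # Paillier's L function, defined on u = 1 (mod n)
    return (u - 1) // n

def paillier_keygen(p, q):
    """Derive (pk, sk) from two primes; the cloud only ever sees pk."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                      # standard cheap choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)

def encrypt(pk, m):
    n, g = pk
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1               # fresh randomness per ciphertext
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n

def cloud_sum(pk, ciphertexts):
    """Cloud side: adds the hidden plaintexts by multiplying ciphertexts mod n^2."""
    n2 = pk[0] ** 2
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc

def cloud_scale(pk, c, k):
    """Cloud side: multiplies the hidden plaintext by a public constant k."""
    return pow(c, k, pk[0] ** 2)

def demo():
    pk, sk = paillier_keygen(104723, 104729)       # constructed toy primes
    readings = [12, 30, 58]                        # constructed client data
    cts = [encrypt(pk, m) for m in readings]       # only cts and pk leave the client
    total = decrypt(pk, sk, cloud_sum(pk, cts))    # 100
    scaled = decrypt(pk, sk, cloud_scale(pk, cts[0], 5))  # 60
    return total, scaled
```

The cloud never holds `sk`, so it can aggregate but not read individual readings; that is the "processing without access" property the slide refers to.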
Comparison for HE
Cloud Data share and search
Algorithms: Setup → (mpk, msk); KeyGen → (pk_ID, sk_ID); Enc → CT; TKGen → TK; Search → 0/1; ReKeyGen → rk_{id_i→id_j, w_i→w_j}; ReEnc → CT; UpTKGen → uptk_{w_i→w_j}; Update → CT; Dec → m
Phases: data search phase; keyword description update and ciphertext (C) share phase
Data sharing: allow any system user with valid decryption rights to an encrypted data item to share his/her encrypted data with others efficiently and securely. Privacy preservation: given either a search token or a keyword update token, the cloud server learns nothing about the keyword(s); given an original ciphertext or a shared (re-encrypted) ciphertext, the cloud server learns nothing about the underlying message or about the keyword description tagged to the ciphertext.
Realization – Bilinear Map
Paper Structure – Background of TenantGuard – Architecture of TenantGuard – Key Ideas of TenantGuard – Application of TenantGuard to OpenStack
Highlights
Isolation breaches are one of the biggest security concerns in the cloud.
One possible solution is network isolation verification.
Challenges of Network Isolation Verification
Existing Approaches
Network Isolation Verification
TenantGuard: Architecture
TenantGuard: Key Ideas
Hierarchical Virtual Network Model
Baseline Approach
TenantGuard: Top-Down Verification
TenantGuard: Efficient Data Structure
TenantGuard: Incremental Verification
Application to OpenStack
Performance Evaluation
Further Performance Improvement
Conclusion
Trend 1: Security and Privacy Are Critical Factors in Technology Adoption
– Demands for "security" and "privacy" are increasing: widespread use of Transport Layer Security (TLS); popularity of anonymity networks (e.g., Tor); use of strong authentication/encryption in WiFi
– Expectations on security and privacy impact design decisions: operating systems (iOS, Android); apps/services (e.g., messenger, adblocker); network infrastructure (inter-domain SDN)
Notes: I'd like to start by pointing out two big trends. First, security and privacy are becoming critical factors for technology adoption. Applications and services with enhanced security and privacy features are getting increasingly adopted, and they often impact our design decisions. We see many examples like this in today's market.
Trend 2: Commoditization of Trusted Execution Environments
– Trusted Execution Environment (TEE): isolated execution (integrity of code, confidentiality); remote attestation
– Commoditization of TEE: Trusted Platform Module (TPM): slow performance; ARM TrustZone: only available for embedded devices; Intel Software Guard Extensions (SGX): 1. native performance, 2. compatibility with x86
Notes: The second trend is the commoditization of trusted execution environments, or TEEs. TEEs provide hardware-based mechanisms for isolated execution and remote attestation. While the idea and implementations have been around for a long time, they had several practical limitations. However, the newly released Intel SGX truly signals the commoditization by lifting some of these limitations; it gives native performance to software running in the secure mode and is compatible with x86. Imagine all our laptops and servers in the cloud supporting TEE. We believe that the commoditization of TEE brings new opportunities for network applications because many network and middlebox applications run on x86.
Network Applications + TEE = ?
– What impact does TEE have on networking?
– Previous efforts, adopting TEE to the cloud platform: Haven [OSDI'14]: protects applications from an untrusted cloud; VC3 [S&P'15]: trustworthy data analytics in the cloud
– Network applications + TEE (Intel SGX): enhanced security, new design space, new functionality
Thank you!