Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maru Hardware-Assisted Secure Cloud Computing

Published byHartono Kusuma Modified over 6 years ago

Similar presentations

Presentation on theme: "Maru Hardware-Assisted Secure Cloud Computing"— Presentation transcript:

1 Maru Hardware-Assisted Secure Cloud Computing
Uncontrolled copy when printed 19/11/2018 Maru Hardware-Assisted Secure Cloud Computing Jon Crowcroft (Alan Turing Institute/University of Cambridge) Peter Pietzuch (Imperial College) James Srinivasan (Dstl) Jon/Peter are PIs – important to note strong team behind them Involvement also from MOD ISS, GCHQ & NCSC UK OFFICIAL 19 November 2018 © Crown copyright 2018 Dstl © Crown copyright 2013 Dstl

2 Uncontrolled copy when printed
19/11/2018 Aims & objectives Defence & Security would like to use public cloud resources to host our ever-increasing workloads But much of our data & algorithms are sensitive… Provider’s trust model: CPU/Firmware/VMM/OS/sysadmins… trusted, apps are not User’s trust model: Trust my app, have to implicitly trust the cloud provider’s whole stack Is there a better way? App General industry trend to move to the Cloud whereby a third party (e.g. Amazon, Microsoft etc.) provides resources and infrastructure. These resources might be low-level (e.g. virtual machines – Infrastructure as a Service), medium level (e.g. Database as a Service) or high level (e.g. Salesforce CRM – Software as a Service). This trend is driven mostly by cost – building & operating a modern datacentre is hugely expensive, and cloud providers can take advantage of huge economies of scale and statistical multiplexing (workloads are often bursty, and (hopefully) not all at the same time). Also applicable to private clouds e.g. to prevent rogue sysadmins (Snowden) Also applicable to other sectors e.g. healthcare (patient records), finance (bank customer data) etc. As a cloud provider, I trust my staff, hypervisor (VMM), operating systems, sysadmin etc, but I don’t trust my users and the apps they might run. So I focus on e.g. stopping rogue apps accessing data from other cloud tenants. As a cloud user, I have to implicitly trust my provider and their full stack. Is there a better way? 19 November 2018 © Crown copyright 2018 Dstl © Crown copyright 2013 Dstl

3 Uncontrolled copy when printed
Current progress Uncontrolled copy when printed 19/11/2018 Approach: Use recent Intel “Software Guard Extensions” (SGX) technology to run application code in a hardware protected enclave sgx-lkl: Run unmodified Linux binaries in enclave Performance impact sgx-spark: Runs (some of) Apache Spark in enclave Provides confidentiality & integrity Vulnerable to side-channels JVM Spark (large) Spark (small) App OS App JVM SGX-LKL Sysadmins CPU Other HW VMM Note: In theory, homomorphic encryption is a (better?) solution to this problem, but hard to generalise and currently hugely slow (orders of magnitude). SGX enclave protects user code and data from interference even from higher privilege code (Ring 0 for Intel) SGX encrypts memory traffic so even an attacker sniffing the memory bus can’t (directly) infer the data and computation. The Linux Kernel Library (LKL) is a port of Linux that provides kernel functionality to applications. Sgx-lkl runs LKL inside an SGX enclave, so that unmodified Linux binaries can run inside the enclave Still have to trust CPU, but no longer have to trust firmware/VMM/OS/sysadmins and can decrease size of JVM and LKL footprint. Performance impact – early indications %, depending on whether have to page out due to limited enclave size (128MB). Apache Spark is a common big data / data science platform used across industry, including in defence & security. Current Intel hardware implementation limits enclave size to 128MB, so sgx-spark partitions Spark such that only the necessary portions run inside the enclave to retain reasonable performance. Confidentiality – data and processing hidden from attacker Integrity – attestation of code loaded into enclave Unfortunately during course of this work found that SGX vulnerable to both Spectre and Meltdown vulnerabilities. To be fair, Intel never claimed SGX would defend against side channel attacks. 19 November 2018 © Crown copyright 2018 Dstl © Crown copyright 2013 Dstl

4 Uncontrolled copy when printed
19/11/2018 Next steps Complete sgx-spark implementation & benchmark Further investigation of vulnerabilities & attacks Assess approach for other Data Science frameworks e.g. Apache Flink, TensorFlow, Apache Accumulo etc. Implementation by US DoD intern (TBC) Sgx-spark doesn’t yet support the full Spark API so can’t run arbitrary unmodified applications. Benchmark using real-world use cases – where I will (hopefully) be involved. Look at more side channels but also other (e.g. API) attacks. Assess whether approach taken to SGX-ify Spark is applicable to other Data Science frameworks Flink – like Spark TensorFlow – mostly used for deep learning from Google. May not be entirely suitable due to prevalence of GPU usage which don’t currently support enclaves. Accumulo – distributed key-value store widely used in Defence & Security Matt Zaber working as Turing Intern over summer via SMART programme ( and may try to SGX-ify Apache Storm, a popular platform for stream processing. 19 November 2018 © Crown copyright 2018 Dstl © Crown copyright 2013 Dstl

Download ppt "Maru Hardware-Assisted Secure Cloud Computing"

Similar presentations

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.

Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
A Case for Virtualizing Nodes on Network Experimentation Testbeds Konrad Lorincz Harvard University June 1, 2015June 1, 2015June 1, 2015.

A Case for Virtualizing Nodes on Network Experimentation Testbeds Konrad Lorincz Harvard University June 1, 2015June 1, 2015June 1, 2015.
NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University.

NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University.
Network Implementation for Xen and KVM Class project for E6998-01: Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)

Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Security Framework For Cloud Computing -Sharath Reddy Gajjala.
Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.

Cloud Computing Saneel Bidaye uni-slb2181. What is Cloud Computing? Cloud Computing refers to both the applications delivered as services over the Internet.
Evolution - not revolution Server resources are shared globally instead of locally Excess capacity for peak usage can be shared Backup, security and other.

Evolution - not revolution Server resources are shared globally instead of locally Excess capacity for peak usage can be shared Backup, security and other.
1 The Fast(est) Path to Building a Private/Hybrid Cloud October 25th, 2011 Paul Mourani RightScale.

1 The Fast(est) Path to Building a Private/Hybrid Cloud October 25th, 2011 Paul Mourani RightScale.
Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.

Midterm Meeting Pete Bohman, Adam Kunk, Erik Shaw.
Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.
CLOUD COMPUTING. What is cloud computing ? History Virtualization Cloud Computing hardware Cloud Computing services Cloud Architecture Advantages & Disadvantages.

CLOUD COMPUTING. What is cloud computing ? History Virtualization Cloud Computing hardware Cloud Computing services Cloud Architecture Advantages & Disadvantages.
Full and Para Virtualization

Full and Para Virtualization
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.

Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:

Bring Your Own Security (BYOS™): Deploy Applications in a Manageable Java Container with Waratek Locker on Microsoft Azure MICROSOFT AZURE ISV PROFILE:
Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

Similar presentations

Ads by Google