A virtualization-based approach to guarantee trusted execution for highly secure applications (Korean title, translated: A study of virtualization-based techniques for guaranteeing trusted execution of programs that require high security)

As computer systems become increasingly complicated, the number of vulnerabilities is increasing rapidly. This alarming trend threatens the safety of various applications. It is especially critical for security-sensitive applications containing intellectual property and confidential information. In this dissertation, we propose a virtualization-based approach to guarantee trusted execution for highly secure applications. The first part of our study deals with a new cloud marketplace model that supports code and data protection at rest, in use, and in motion in a cloud computing environment. Cloud application marketplaces of modern cloud infrastructures offer a new software deployment model, integrated with the cloud environment in its configuration and policies. However, just as traditional software distribution suffers from software piracy and reverse engineering, cloud marketplaces face the same challenges, which can deter the success of the evolving ecosystem of cloud software. We present a novel system named CAFE for cloud infrastructures, in which sensitive software logic can be executed with high secrecy, protected from piracy and reverse engineering attempts in a virtual machine even when its operating system kernel is compromised. The key mechanism is an end-to-end framework for the execution of applications, which consists of the secure encryption and distribution of confidential application binary files, and runtime techniques to load, decrypt, and protect the program logic by isolating it from tenant virtual machines using hypervisor-level techniques. We evaluate applications in several software categories that are commonly offered in cloud marketplaces. We show that strong confidential execution can be provided with only marginal changes (around 100-220 lines of code) and minimal performance overhead. The results demonstrate the effectiveness and practicality of CAFE in cloud marketplaces.
The second part of our study presents a way of handling trustworthy input and output in cloud computing. Geographic locations of user devices are widely used to provide a rich user experience in various environments such as proximity-based marketing, travel information, and cloud computing. In particular, cloud service providers need to use cloud users' actual locations in location-based cloud services like Amazon GovCloud. However, it is not trivial to obtain trusted geolocations of user devices because there are many points at which attackers can forge the current geolocation of a cloud user device. To solve this security issue, we propose a novel trusted geolocation framework for the cloud user device. The primary mechanism of the proposed framework is to provide a trusted channel between a geolocation server and a tiny hypervisor in each mobile client. We leverage the Trusted Platform Module and dynamic root of trust measurement to attest the geolocations of cloud devices securely. To show the feasibility of the proposed framework, we port Etherpad, a cloud word processor, into the trusted geolocation-based cloud service. We also evaluate the performance overhead of our framework on the cloud device and show that it causes only 8.3% overhead on a JavaScript benchmark, which indicates the practicality of the proposed framework.
Advisors
Han, Taisook (한태숙)
Description
Korea Advanced Institute of Science and Technology (KAIST): School of Computing
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2017
Identifier
325007
Language
eng
Description

Doctoral dissertation (Ph.D.) - Korea Advanced Institute of Science and Technology (KAIST): School of Computing, 2017.2, [v, 69 p.]

Keywords

virtualization; trusted execution environment; hypervisor; trusted sensing; code protection

URI
http://hdl.handle.net/10203/242077
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=675852&flag=dissertation
Appears in Collection
CS-Theses_Ph.D.(박사논문)
Files in This Item
There are no files associated with this item.
