(A) virtualization-based approach to guarantee trusted execution for highly secure applications

Abstract

As computer systems become increasingly complicated, the number of vulnerability is increasing rapidly. This alarming trend threatens the safety of various applications. Especially it is very critical to security-sensitive applications containing intellectual property and confidential information. In this dissertation, we propose a virtualization-based approach to guarantee the trusted execution for highly secure applications. The first part of our study deals with a new cloud marketplace model to support code and data protection at rest, in use, and in motion for a cloud computing environment. Cloud application market- places of modern cloud infrastructures offer a new software deployment model, integrated with the cloud environment in its configuration and policies. However, as the traditional software distribution is suffer- ing from software piracy and reverse engineering, cloud marketplaces face the same challenges that can deter the success of the evolving ecosystem of cloud software. We present a novel system named CAFE for cloud infrastructures where sensitive software logic can be executed with high secrecy protected from any piracy or reverse engineering attempts in a virtual machine even when its operating system kernel is compromised. The key mechanism is the end-to-end framework for the execution of applications, which consists of the secure encryption and distribution of confidential application binary files, and the runtime techniques to load, decrypt, and protect the program logic by isolating them from tenant virtual machines based on hypervisor-level techniques. We evaluate applications in several software categories that are commonly offered in cloud marketplaces. We show that strong confidential execution can be provided with only marginal changes (around 100-220 lines of code) and minimal performance overhead. The results demonstrate the effectiveness and practicality of CAFE in cloud marketplaces. The second part of our study presents a way of handling trustworthy input and output in cloud computing. Geographic locations of user devices are widely used to provide rich user experience in various environments such as proximity-based marketing, travel information, and cloud computing. Especially, cloud service providers require to utilize actual cloud user’s locations in location-based cloud services like Amazon GovCloud. However, it is not trivial to obtain the trusted geolocations of the user devices because there are many points for attackers to forge the current geolocations of the cloud user devices. In order to solve this security issue, we propose a novel trusted geolocation framework for the cloud user device. The primary mechanism of the proposed framework is to deliver a trusted channel between a geolocation server and a tiny hypervisor in each mobile client. We leverage the Trusted Platform Module and dynamic root of trust measurement to attest the geolocations of the cloud devices securely. To show the feasibility of the proposed framework, we port Etherpad, a cloud word processor, into the trusted geolocation-based cloud service. We also evaluate the performance overhead of our framework in the cloud device and show that it causes only 8.3% overhead for JavaScript benchmark, which indicates the practicality of the proposed framework.