
Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment

Yuanfeng Wen, JongHyuk Lee, Ziyi Liu, Qingji Zheng, Weidong Shi, Shouhuai Xu, Taeweon Suh
2013 Proceedings of the ACM International Conference on Computing Frontiers - CF '13  
In this paper, we propose an architectural solution to the above problem in multi-processor cloud environments.  ...  One particularly challenging and important problem is: how can we protect the Virtual Machines (VMs) from being attacked by Virtual Machine Monitors (VMMs) and/or by the cloud vendors when they are not  ...  The main contributions of our work are: (i) design of an architectural solution for enhancing VM privacy protection in "untrusted" cloud environments; (ii) architectural solution for privacy protection  ... 
doi:10.1145/2482767.2482799 dblp:conf/cf/WenLLZSXS13 fatcat:xg6lndxekjh4xdfen6ebkamcka

Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks

Yubin Xia, Yutao Liu, Haibo Chen
2013 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA)  
The privacy and integrity of tenant's data highly rely on the infrastructure of multi-tenant cloud being secure.  ...  Each VM-Shim instance for a VM runs in a separate protected context and only declassifies necessary information designated by the VM to the hypervisor and external environments (e.g., through NICs).  ...  Supporting multi-chip processors and multi-processor will be our future work.  ... 
doi:10.1109/hpca.2013.6522323 dblp:conf/hpca/XiaLC13 fatcat:omfbgjuezreztonmj4ip7bwjim

Secure Virtualized Multi Tenancy Architecture in Cloud Computing using H-SVM

Sowmiya N. D, Shanthi S
2016 IJARCCE  
Multilateral Security concept to multi-tenancy cloud platform.  ...  It is difficult to analyse policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable  ...  Security and privacy protection is more important take in cloud computing and virtualization security is more important element of process in cloud computing.  ... 
doi:10.17148/ijarcce.2016.5125 fatcat:3vocfyp3bbgnro5dof2qckynfe

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective [article]

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 arXiv   pre-print
This paper conducts a systematic and comprehensive survey by classifying attack vectors and mitigation in TEE-protected confidential ML computation in the untrusted environment, analyzes the multi-party  ...  ML computations are often inevitably performed in untrusted environments and entail complex multi-party security requirements.  ...  TEE-protected workloads in untrusted environments such as the cloud face a large attack surface.  ... 
arXiv:2111.03308v2 fatcat:kmklsqvzureilldvr4ui4azrwi

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 IEEE Access  
This paper conducts a systematic and comprehensive survey by classifying attack vectors and mitigation in TEE-protected confidential ML computation in the untrusted environment, analyzes the multi-party  ...  ML computations are often inevitably performed in untrusted environments and entail complex multi-party security requirements.  ...  TEE-protected workloads in untrusted environments such as the cloud face a large attack surface.  ... 
doi:10.1109/access.2021.3136889 fatcat:scrytvepkjafxblcqg3gjk5vqu

An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments [article]

Jämes Ménétrey, Christian Göttel, Marcelo Pasin, Pascal Felber, Valerio Schiavoni
2022 arXiv   pre-print
When used in conjunction with trusted execution environments, it guarantees that genuine code is executed even when facing strong attackers, paving the way for adoption in several sensitive application  ...  This paper reviews existing remote attestation principles and compares the functionalities of current trusted execution environments as Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V  ...  Also, virtual machines are candidly open to the indiscretion of their cloud-based untrusted hosts.  ... 
arXiv:2204.06790v2 fatcat:vx56vhjfunarlooogupiq6st2u

A comparison study of intel SGX and AMD memory encryption technology

Saeid Mofrad, Fengwei Zhang, Shiyong Lu, Weidong Shi
2018 Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy - HASP '18  
CCS CONCEPTS • Security and privacy → Security in hardware; Systems security; Hardware security implementation; KEYWORDS Intel SGX, AMD SEV, hardware-supported security ACM Reference Format: Saeid Mofrad  ...  Hardware vendors have introduced a variety of hardware-assisted trusted execution environments including ARM TrustZone, Intel Management Engine, and AMD Platform Security Processor.  ...  ACKNOWLEDGMENTS We would like to thank Jacob Bednard for his help in preparing this paper.  ... 
doi:10.1145/3214292.3214301 dblp:conf/isca/MofradZLS18 fatcat:f6w3qugembdl3kcdn7vug6f5u4

TrApps

Stefan Brenner, David Goltzsche, Rüdiger Kapitza
2017 Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures - XDOMO'17  
In this paper we propose TrApps, a secure platform for general-purpose trusted execution in an untrusted cloud with multiple isolated tenants based on the ARM TrustZone technology.  ...  With the recent advent of powerful ARM hardware targeted for data centres, there is the opportunity of using trusted execution technology provided by ARM TrustZone to enhance the protection of cloud customer's  ...  In this paper we propose TrApps (Trusted Apps), a platform for partitioned applications, tailored to an untrusted cloud environment.  ... 
doi:10.1145/3071064.3071069 fatcat:qde2rzbwqbdu5g6fgqxbcvmsza

TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud

Xiaoguang Wang, Yong Qi, Yuehua Dai, Yi Shi, Jianbao Ren, Yu Xuan
2014 Journal of Computers  
The Infrastructure as a Service (IaaS) cloud computing model is widely used in current IT industry, providing the cloud users virtual machines as the executing environment.  ...  For a user's executing environment faces threats from malicious cloud users who aim at attacking the underlying virtualization software (virtual machine monitor, VMM, or hypervisor).  ...  ACKNOWLEDGMENT We would like to thank Pilar Howard, Cancan Wang and all other anonymous reviewers for their comments and suggestions.  ... 
doi:10.4304/jcp.9.10.2303-2314 fatcat:vtvemobhqfc5rofsylxpvnizem

Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization [chapter]

Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai
2014 Lecture Notes in Computer Science  
Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor.  ...  In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection.  ...  Acknowledgement We thank all reviewers for their insightful comments. Meng Yu was supported by NSF CNS-1100221 and NSF IIP-1342664.  ... 
doi:10.1007/978-3-319-11203-9_18 fatcat:nkf5yijao5crxf57mhtjphbfoy

I-BiDaaS - D5.5: Federated Resource Management for Data Analytics v3

Enric Pages
2020 Zenodo  
The document also describes the preliminary work carried out on the distributed large-scale layer, which is responsible for the orchestration and management of the underlying physical computational and  ...  The main purpose of these extensions is the protection of selected code parts and data from disclosure or modification in untrusted environments.  ...  Intel SGX is an ideal solution for untrusted environments. Cloud environments can be considered untrusted, since the user has minor control over aspects like the storage of the data.  ... 
doi:10.5281/zenodo.4608389 fatcat:7c5d3m2m6ff25jc6cpvohfww6i

CloudVisor

Fengzhe Zhang, Jin Chen, Haibo Chen, Binyu Zang
2011 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles - SOSP '11  
Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years.  ...  In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total  ...  In this paper, we propose an alternative approach that protects leased virtual machines in a multi-tenant cloud.  ... 
doi:10.1145/2043556.2043576 dblp:conf/sosp/ZhangCCZ11 fatcat:4z3ywg42enga5bhnqlev3mwbyq

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Daniele Sgandurra, Emil Lupu
2016 ACM Computing Surveys  
Virtualization technology enables Cloud providers to efficiently use their computing services and resources.  ...  In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered  ...  [Wen et al. 2013] propose a solution to protect VMs from VMMs in multi-processor Cloud environments by exploiting hardware mechanisms to enforce access control over the shared resources (e.g., memory  ... 
doi:10.1145/2856126 fatcat:hyacg4sfzjhdpmp6es3ki7nqlu

eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology

Haonan Sun, Rongyu He, Yong Zhang, Ruiyun Wang, Wai Hung Ip, Kai Leung Yung
2018 Sensors  
Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment.  ...  , and protect the integrity of Virtual Machines (VM) according to user-specific policies.  ...  trusted execution to support privacy and data confidentiality for sensitive applications in the cloud at scale.  ... 
doi:10.3390/s18113807 pmid:30404242 fatcat:fi4o7l4pirdt5arhx362igdnua

Running ZooKeeper Coordination Services in Untrusted Clouds

Stefan Brenner, Colin Wulf, Rüdiger Kapitza
2014 Hot Topics in System Dependability  
Cloud computing is a recent trend in computer science. However, privacy concerns and a lack of trust in cloud providers are an obstacle for many deployments.  ...  Maturing hardware support for implementing Trusted Execution Environments (TEEs) aims at mitigating these problems.  ...  With our solution, privacy-preserving ZooKeeper deployments in untrusted cloud environments are possible. This allows sensitive applications in the cloud to use ZooKeeper without privacy concerns.  ... 
dblp:conf/hotdep/BrennerWK14 fatcat:c5v5lkcpxbe6jnyq5jbu6e7smu