Extending Trusted Computing to Cloud Services

Mr. Dang Khanh Hung
Dr Chang Ee Chien, Associate Professor, School of Computing

22 Nov 2017 Wednesday, 03:00 PM to 04:30 PM

Executive Classroom, COM2-04-02


Recent years have witnessed a rapidly growing reliance of various application domains on cloud services, mostly due to their manifold benefits including cost-effectiveness, scalability, availability, elasticity and fault-tolerance. Despite these advantages, cloud services have raised multiple security and privacy concerns. The chief reason behind these concerns is the untrustworthiness of the service providers, which have various incentives to mine or leak sensitive information from users' data. Even if the providers were trusted, other factors such as multi-tenancy, complexity of software stacks, and distributed computing models would continue to enlarge the attack surface.

In this proposal, we study security, privacy and fault-tolerance problems of cloud services. We first show the insufficiency of existing techniques in protecting the privacy of users' data outsourced to the cloud. We then propose novel approaches to extend the trustworthiness of commodity hardware primitives to the cloud services, and in so doing enhance their security. In particular, we formulate a security notion of Proofs of Data Residency (PoDR) to attest whether the outsourced data are retrievable in their entirety from the local drives of the storage server in question, and propose a secure PoDR scheme. Furthermore, we present Scramble-then-Compute (STC), an approach for enabling privacy-preserving computations at scale and at ease. We demonstrate the utility of STC by applying it to five major data management algorithms (i.e., sort, compaction, selection, aggregation and join), and showing that STC-algorithms achieve asymptotically optimal runtime. In the remainder of the thesis, we aim to present a systematization of knowledge for existing hardware-assisted Byzantine consensus protocols, focusing on evaluating and contextualizing the effect of trusted subsystems on their scalability. We also explore how trusted hardware primitives can facilitate and simplify existing proposals on scaling Byzantine consensus protocols.