A secure cloud with minimal provider trust

Mosayyebzadeh, Amin; Ravago, Gerardo; Mohan, Apoorve; Raza, Ali; Tikale, Sahil; Scheer, Nabil; Hudson, Trammell; Hennessy, Jason; Ansari, Naved; Hogan, Kyle; Munson, Charles; Rudolph, Larry; Cooperman, Gene; Desnoyers, Peter; Krieger, Orran

A secure cloud with minimal provider trust

Files

hotcloud18-paper-mosayyebzadeh.pdf(295.29 KB)

Published version

Date

2018

Authors

Mosayyebzadeh, Amin

Ravago, Gerardo

Mohan, Apoorve

Raza, Ali

Tikale, Sahil

Scheer, Nabil

Hudson, Trammell

Hennessy, Jason

Ansari, Naved

Hogan, Kyle

Version

Published version

URI

https://hdl.handle.net/2144/37835

Citation

Amin Mosayyebzadeh, Gerardo Ravago, Apoorve Mohan, Ali Raza, Sahil Tikale, Nabil Scheer, Trammell Hudson, Jason Hennessy, Naved Ansari, Kyle Hogan, Charles Munson, Larry Rudolph, Gene Cooperman, Peter Desnoyers, Orran Krieger. 2018. "A Secure Cloud with Minimal Provider Trust." 10th USENIX Workshop on Hot Topics in Cloud Computing.

Abstract

Bolted is a new architecture for a bare metal cloud with the goal of providing security-sensitive customers of a cloud the same level of security and control that they can obtain in their own private data centers. It allows tenants to elastically allocate secure resources within a cloud while being protected from other previous, current, and future tenants of the cloud. The provisioning of a new server to a tenant isolates a bare metal server, only allowing it to communicate with other tenant's servers once its critical firmware and software have been attested to the tenant. Tenants, rather than the provider, control the tradeoffs between security, price, and performance. A prototype demonstrates scalable end-to-end security with small overhead compared to a less secure alternative.

License

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited. This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering. Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work.

Collections

BU Open Access Articles
ENG: Electrical and Computer Engineering: Scholarly Papers

Full item page