Notes about <VC3: Trustworthy Data Analytics in the Cloud using SGX>
2018-01-21 22:33
Introduction
Typically, cloud users hope for the following security guarantees:
I. Confidentiality and integrity for both code and data; i.e., the guarantee that they are not changed by attackers and that they remain secret.
II. Verifiability of execution of the code over the data; i.e., the guarantee that their distributed computation globally ran to completion and was not tampered with.
We present Verifiable Confidential Cloud Computing (VC3), a MapReduce framework that achieves the security guarantees (I and II) formulated above, with good performance.
Our threat model accounts for powerful adversaries that may control the whole cloud provider’s software and hardware infrastructure, except for the certified physical processors involved in the computation.
Denial-of-service, side-channels, and traffic-analysis attacks are outside the scope of this work.
To keep the TCB small in our design, users simply write the usual map and reduce functions in C++, encrypt them, bind them to a small amount of code that implements our cryptographic protocols, and finally upload the code to the cloud.
On each worker node, the cloud operating system loads the code into a secure region within the address space of a process and makes use of the security mechanisms of SGX processors to make the region inaccessible to the operating system and the hypervisor.
Subsequently, the code inside the region runs our key exchange protocol, decrypts the map and reduce functions, and runs the distributed computation that processes the data.
The second challenge is to guarantee integrity for the whole distributed computation, since the processors guarantee only integrity of memory regions on individual computers.
The final challenge is to protect the code running in the isolated memory regions from attacks due to unsafe memory accesses.
Background
Cryptographic Assumptions
EDigest(C): the SGX digest of an enclave’s initial content C. We refer to C as the code identity of an enclave. Intuitively, EDigest provides collision resistance.
ESig_P[C]{text}: a quote from a QE with identity P that jointly signs H(text) and the EDigest(C) on behalf of an enclave with code identity C.
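The following Python model is an added example, not code from the VC3 paper or from SGX, showing what a verifier has to check in a quote of the form ESig_P[C]{text}: that the signature is valid, that the signed digest is the expected EDigest(C), and that the signed hash matches the text received. It assumes SHA-256 over the raw enclave content as a stand-in for EDigest and an HMAC under a shared key as a stand-in for the QE's signature; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

def edigest(content: bytes) -> bytes:
    """Stand-in for EDigest(C): SHA-256 over the enclave's initial content (assumption)."""
    return hashlib.sha256(content).digest()

def qe_quote(qe_key: bytes, content: bytes, text: bytes) -> dict:
    """Model of ESig_P[C]{text}: the QE jointly signs H(text) and EDigest(C)."""
    h_text, digest = hashlib.sha256(text).digest(), edigest(content)
    # HMAC stands in for the QE's signature scheme (assumption, see lead-in).
    sig = hmac.new(qe_key, h_text + digest, hashlib.sha256).digest()
    return {"h_text": h_text, "edigest": digest, "sig": sig}

def verify_quote(qe_key: bytes, quote: dict, expected_digest: bytes, text: bytes) -> str:
    """Return 'ok' or the name of the first check that failed."""
    signed = quote["h_text"] + quote["edigest"]
    expected_sig = hmac.new(qe_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return "bad signature"
    # A valid signature only proves that *some* enclave was quoted;
    # the code identity must match the one the user expects.
    if not hmac.compare_digest(quote["edigest"], expected_digest):
        return "unexpected code identity"
    # The quote must be bound to the exact text received alongside it.
    if not hmac.compare_digest(quote["h_text"], hashlib.sha256(text).digest()):
        return "text not bound to quote"
    return "ok"

# Constructed sample values, for illustration only.
QE_KEY = b"constructed-qe-key"
CODE = b"constructed enclave image: protocol code + encrypted map/reduce"
MSG = b"constructed key-exchange message"

def demo() -> list:
    expected = edigest(CODE)
    good = qe_quote(QE_KEY, CODE, MSG)
    other_code = qe_quote(QE_KEY, CODE + b" patched", MSG)  # different enclave content
    forged = dict(good, sig=b"\x00" * 32)                   # signature replaced
    return [verify_quote(QE_KEY, good, expected, MSG),
            verify_quote(QE_KEY, other_code, expected, MSG),
            verify_quote(QE_KEY, good, expected, b"different text"),
            verify_quote(QE_KEY, forged, expected, MSG)]

if __name__ == "__main__":
    print(demo())
```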