Proceedings of the 2021 on Cloud Computing Security Workshop: Latest Articles

Proceedings of the 2021 on Cloud Computing Security Workshop
Pub Date : 2021-11-15 DOI: 10.1145/3474123
Citations: 0
Secure Featurization and Applications to Secure Phishing Detection
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486759
Akash Shah, Nishanth Chandran, Mesfin Dema, Divya Gupta, A. Gururajan, Huang Yu
Secure inference allows a server holding a machine learning (ML) inference algorithm with private weights, and a client with a private input, to obtain the output of the inference algorithm, without revealing their respective private inputs to one another. While this problem has received plenty of attention, existing systems are not applicable to a large class of ML algorithms (such as in the domain of Natural Language Processing) that perform featurization as their first step. In this work, we address this gap and make the following contributions: We initiate the formal study of secure featurization and its use in conjunction with secure inference protocols. We build secure featurization protocols in the one/two/three-server settings that provide a tradeoff between security and efficiency. Finally, we apply our algorithms in the context of secure phishing detection and evaluate our end-to-end protocol on models that are commonly used for phishing detection.
Citations: 3
Live Migration of Operating System Containers in Encrypted Virtual Machines
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486761
Joana Pecholt, Monika Huber, Sascha Wessel
With the widespread use of Docker and Kubernetes, OS-level virtualization has become a key technology to deploy and run software. At the same time, data centers and cloud providers offer shared computing resources on demand. The use of these resources usually leads to a larger trusted computing base and less control over the data. We present a confidential computing concept for the migration of operating system containers in secure encrypted virtual machines so that these are protected from the operator and administrator. In our approach, processes inside of the containers remain intact, i.e., they keep their state and do not have to be restarted. Network services inside of the containers remain unchanged and reachable. This is typically called live migration. Integrity and confidentiality of the data inside of the containers is enforced during migration as well as on the destination platform, namely in transit, in use and at rest. The authenticity and integrity of the destination platform is verified using remote attestation before any data is transferred. While our core concept is not specific to a particular hardware, we present two different approaches corresponding to the first generation of AMD SEV as well as SEV-SNP. Our proof of concept implementation is based on the first generation of SEV.
Citations: 1
Programmable Security in the Age of Software-Defined Infrastructure
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486765
G. Gu
Today's network and computing infrastructure rests on inadequate foundations. An emerging, promising new foundation for computing is software-defined infrastructure (SDI), which offers a range of technologies including: compute, storage, and network virtualization; novel separation of concerns at the systems level; and new approaches to system and device management. As a representative example of SDI, software-defined networking (SDN) is a new networking paradigm that decouples the control logic from the closed and proprietary implementations of traditional network data plane infrastructure. SDN is now becoming the networking foundation for cloud/data-center, future Internet and 5G infrastructures. We argue that we should leverage software-defined infrastructure to design new methodologies and principles to make security programmable. In this talk, I will discuss some new opportunities as well as challenges in this new direction, and demonstrate with case studies from our recent research results. Our vision is that future security will be programmable thus more intelligent and powerful to secure a software-defined world.
Citations: 0
Security in a Cloud Bazaar
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486791
O. Krieger
While cloud computing is transforming society, today's public clouds are black boxes, implemented and operated by a single provider that makes all business and technology decisions. In 2013 we launched the Mass Open Cloud (MOC) with the vision of creating a production cloud that would enable innovation by a broad industry and research community. This open cloud has become a laboratory for cloud research and innovation, resulting in hundreds of publications, contributions to open source software, and collaborations between researchers, open source developers, and production operations staff. Recently we launched the Open Research Cloud Initiative (ORCI) to provide a framework to coordinate the bazaar of interrelated projects and initiatives that have evolved since 2013, including the Red Hat Collaboratory@BU, Open Cloud Testbed (OCT), New England Research Cloud (NERC), Northeast Storage Exchange (NESE), Operate First, and OpenInfra Labs. With its launch, the MOC inspired and enabled research in cloud security. For example, the Modular Approach to Cloud Security (MACS) SaTC NSF frontier project, launched in 2014, brought together cryptographers, operating system, database and computer architecture researchers from BU, MIT, UConn and NEU. This security research resulted in new open-source software and products that are today enabling new services in the ORCI bazaar. This talk will discuss the ORCI cloud bazaar, some of the security research and projects it inspired, and some exciting new collaborations happening now to make the cloud both open and secure.
Citations: 1
m-Stability: Threshold Security Meets Transferable Utility
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486758
O. Biçer, B. Yildiz, Alptekin Küpçü
Use of game theory and mechanism design in cloud security is a well-studied topic. When applicable, it has the advantages of being efficient and simple compared to cryptography alone. Most analyses consider two-party settings, or multi-party settings where coalitions are not allowed. However, many cloud security problems that we face are in the multi-party setting and the involved parties can almost freely collaborate with each other. To formalize the study of disincentivizing coalitions from deviating strategies, a well-known definition named k-resiliency has been proposed by Abraham et al. (ACM PODC '06). Since its proposal, k-resiliency and related definitions are used extensively for mechanism design. However, in this work we observe the shortcoming of k-resiliency. That is, although this definition is secure, it is too strict to use for many cases and rules out secure mechanisms as insecure. To overcome this issue, we propose a new definition named ℓ-repellence against the presence of a single coalition to replace k-resiliency. Our definition incorporates transferable utility in game theory as it is realistic in many distributed and multi-party computing settings. We also propose the m-stability definition against the presence of multiple coalitions, which is inspired by threshold security in cryptography. We then show the advantages of our novel definitions on three mechanisms, none of which were previously analyzed against coalitions: incentivized cloud computation, forwarding data packages in ad hoc networks, and connectivity in ad hoc networks. Regarding the former, our concepts improve the proposal by Küpçü (IEEE TDSC '17), by ensuring a coalition-proof mechanism.
Citations: 3
ACCO: Algebraic Computation with Comparison
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486757
Xiaoqin Duan, Vipul Goyal, Hanjun Li, R. Ostrovsky, Antigoni Polychroniadou, Yifan Song
We propose ACCO: the first maliciously secure multiparty computation engine in the honest majority setting, which also supports secure and efficient comparison and integer truncation. Our system is also the first to achieve information theoretic security. We use ACCO to build an information theoretic privacy preserving machine learning system where a set of parties collaboratively train regression models in the presence of a malicious adversary. We report an implementation of our system and compare the performance against Helen, the work of Zheng, Popa, Gonzalez and Stoica (SP'19) which provided multiparty regression models secure against malicious adversaries. Our system offers a significant speedup over Helen.
Citations: 1
ROSEN: RObust and SElective Non-repudiation (for TLS)
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486763
Srdjan Capkun, Ercan Ozturk, Gene Tsudik, Karl Wüst
A versatile non-repudiation service that can be used directly and without application-specific modifications is desirable in many realistic use-cases. Since TLS is one of the most popular current means of secure communication, several proposals have been made for augmenting it with a general, flexible and efficient non-repudiation service. However, none of them offers sufficient robustness for scenarios that require high reliability. Also, they lack flexibility by requiring the party providing non-repudiable evidence to do so for all content transmitted within a given TLS session. In this paper, we propose ROSEN, an extension for TLS that provides non-repudiation using an efficient checkpointing mechanism that minimizes loss of evidence in the presence of faults in order to increase robustness and ensure reliability. In addition, ROSEN inherits privacy-preserving properties of prior methods and introduces selective non-repudiation which allows the party providing non-repudiable evidence to selectively and efficiently redact parts of the session so as to make them repudiable.
Citations: 9
Privacy-enhanced OptiSwap
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486756
S. Avizheh, Preston Haffey, R. Safavi-Naini
Fair Exchange is a fundamental problem in the exchange of digital items with direct application to electronic commerce. In a fair exchange protocol, two parties want to exchange their corresponding items such that either both receive the other's item, or neither of them receives anything. It has been shown that fair exchange without a trusted third party (TTP) is not possible. Optimistic fair exchange protocols limit the role of TTP to the case that one of the parties misbehaves. OptiSwap (Eckey et al., 2020) is a fair exchange protocol for the exchange of confidential digital items with digital coins. OptiSwap uses a smart contract as the TTP and allows the buyer to use an interactive dispute resolution protocol with the seller (mediated through smart contract) to generate a proof of misbehaviour for a misbehaving seller. We show that OptiSwap's dispute resolution protocol leaks information about the item to the smart contract (public) which can completely reveal the item to the public, and this provides an opportunity for a malicious buyer to pose a credible threat to the fairness guarantee of the system. We propose and design privacy-enhanced OptiSwap that prevents the leakage of information and guarantees security and fairness of the exchange without significantly affecting the efficiency of the protocol. We prove security of the new protocol in an extension of the universal composability for non-monolithic adversaries, and implement and evaluate its efficiency against the original OptiSwap. We discuss our results and suggest directions for future research.
Citations: 0
Data Sovereignty in the Cloud - Wishful Thinking or Reality?
Pub Date : 2021-11-15 DOI: 10.1145/3474123.3486792
Christian Banse
The idea of data sovereignty has been at the core of various research activities over the last years, especially in Europe. The topic gained additional traction through various regulations and initiatives such as the EU General Data Protection Regulation (GDPR), the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and lastly, Gaia-X. While asserting digital control over your data is relatively easy in a closed ecosystem, such as your own on-premises or a community data space, it is infinitely more challenging in a public open ecosystem, such as the Cloud. On one hand, recent advantages in the field of confidential computing, such as the introduction of secure enclaves and encrypted virtual machine memory are promising new ways to enforce data sovereignty even in Cloud infrastructures. On the other hand, the mere existence of these techniques does not ensure an overall secure system, demonstrated by various flaws found in confidential computing techniques themselves, such as AMD SEV. So, the question remains if data sovereignty in the cloud is already reality or still wishful thinking? Keeping the requirements from initiatives such as Gaia-X and the EUCS in mind, this talk will explore what it means to achieve data sovereignty and security in the Cloud. It is important to understand, that it is not only necessary to implement appropriate security measures, but also (continuously) demonstrate the effectiveness of them. Therefore, this talk will show an overview of different technical means to leverage confidential computing for data sovereignty in the Cloud, especially using remote attestation and integrity verification. Furthermore, it will explore techniques to demonstrate the effectiveness of these measures with regards to regulation compliance. One such example is the MEDINA framework, which aims to continuously verify the requirements of EUCS and Gaia-X, both on the infrastructure as well as the application level in cloud systems.
Citations: 1