Bushra AlBelooshi, K. Salah, T. Martin, E. Damiani
2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), December 2015. DOI: 10.1109/UCC.2015.64 (https://doi.org/10.1109/UCC.2015.64)
Securing Cryptographic Keys in the IaaS Cloud Model
Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model in which ICT infrastructure, including servers, storage and networking, is supplied on demand in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators, who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access by untrustworthy administrators to cloud users' sensitive information residing in VM memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VMs they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry out encryption/decryption while protecting keys from unauthorized reads by cloud administrators. Our technique does not require modification to the current cloud architecture, only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.