December 4th – December 9th 2011, Dagstuhl Seminar 11491
Secure Computing in the Cloud
- Computerclub Zwei, Episode 300: Wolfgang Back in conversation with Prof. Dr. Ahmad-Reza Sadeghi, Technische Universität Darmstadt
Cloud computing offers IT resources, including storage, networking, and computing platforms, on an on-demand and pay-as-you-go basis. The high usability of today's cloud computing platforms makes this rapidly emerging paradigm very attractive for customers who want to instantly and easily provide web services that are highly available and scalable to the current demand. In the most flexible and general cloud computing model ("Infrastructure-as-a-Service", IaaS), customers are able to run entire Virtual Machines (VMs) inside the cloud. VM images function as templates from which a virtually unlimited number of VM instances can be instantiated.
Through virtualisation, limited physical resources are made available to the masses. The sharing of these resources and the complex configuration and maintenance of the required infrastructure are accompanied by security threats. According to the Cloud Security Alliance (CSA), the major inhibitor of widespread adoption of cloud computing is the protection of data, since data is no longer under the physical control of its owner (in this case the cloud customer). The cloud provider has access to data stored on disks and to data transferred through the cloud network. The fact that the physical hardware of the cloud is shared with other customers, potentially with adversaries, further stresses the need to protect data in order to compensate for the lack of physical control over one's own data. Moreover, the outsourced computations must be entrusted to the cloud service provider and face the risk of
- Sloppy/Lazy provider: A provider that makes mistakes or simplifies computations. A sloppy or lazy provider might compromise the integrity of the results of computations. Verification of results would be a countermeasure here, for example by executing the computations on multiple, independent clouds.
- Greedy provider: A provider that reduces security in order to save money. Greedy providers are willing to violate policies for economic reasons, thereby exposing the data to insider or outsider threats.
- Malicious Tenant: A cloud customer (tenant) who deliberately exploits security vulnerabilities to gain access to data or to gain intellectual insight into processes and computations.
The CSA recommends the use of encryption to protect data in transit and data at rest. However, cryptography in the cloud faces two problems:
- cryptographic keys in a running VM instance are susceptible to run-time attacks like web server exploits, and
- key provisioning to a VM is not feasible when we assume the cloud provider has access to data and VM images stored on disk.
The participants of this seminar were mainly concerned with the privacy of computation or data with respect to the cloud provider. Topics ranged from concrete examples, such as preserving doctor-patient confidentiality while processing genomic data at a third party, to generic solutions that hide computations performed at the cloud provider from the cloud provider itself. Further topics were means to verify the result of an outsourced computation with significantly less computational effort than performing the computation itself, and, last but not least, outlooks on ad-hoc clouds formed on demand by mobile devices.