December 4 – 9 , 2011, Dagstuhl Seminar 11491

Secure Computing in the Cloud


Benny Pinkas (Bar-Ilan University – Ramat Gan, IL)
Ahmad-Reza Sadeghi (TU Darmstadt, DE)
Nigel P. Smart (University of Bristol, GB)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 1, Issue 12 Dagstuhl Report
List of Participants
Dagstuhl Seminar Schedule [pdf]

Press Room


Cloud computing offers IT resources, including storage, networking, and computing platforms, on an on-demand and pay-as-you-go basis. The high usability of today's cloud computing platforms makes this rapidly emerging paradigm very attractive for customers who want to instantly and easily provide web-services that are highly available and scalable to the current demands. In the most flexible and general cloud computing model ("Infrastructure as-a Service", IaaS), customers are able to run entire Virtual Machines (VMs) inside the Cloud. VM images function as templates from which a virtually unlimited number of VM instances can be instantiated.

Problem Description

Due to virtualisation, limited physical resources are made available for masses. The sharing of these resources and the complex configuration and maintenance of the needed infrastructure is accompanied by security threats. According to the Cloud Security Alliance (CSA), the major inhibitor of a widespread adaptation of cloud computing is the protection of data, as data is no longer under the physical control of the owner (in this case the cloud customer). The cloud provider has access to data stored on disks and data transferred through the cloud network. The fact, that the physical hardware of the cloud is shared with other customers, potentially with adversaries, further stresses the need to protect data in order to thwart the lack of physical control over the own data. Moreover, the outsourced computations must be entrusted to the cloud service provider and face the risk of

  • Sloppy/Lazy provider:A provider that makes mistakes or simplifies computations. The sloppy and lazy provider might compromise the integrity of the result of computations. Verification of results would be a countermeasure here, for example by executing the computations on multiple, independent clouds.
  • Greedy provider:A provider which reduces security in order to save money. Greedy providers are willing to violate policies for economic reasons, thereby exposing the data to insider or outsider threats.
  • Malicious Tenant:A cloud customer (tenant) who is deliberately exploits security vulnerabilities to gain access to data or intellectual insight of processes and computations.

The CSA recommends the use of encryption to protect data in transit and data at rest. However, cryptography in the cloud faces two problems:

  1. cryptographic keys in a running VM instance are susceptible to run-time attacks like web server exploits, and
  2. key provisioning to a VM is not feasible when we assume the cloud provider has access to data and VM images stored on disk.

Seminar Topics

The participants of this seminar were mainly concerned with the privacy of computation or data with respect to the cloud provider. From concrete examples like doctor-patient-confidentiality while processing genomic data at a third party, to generic solutions that hide computations that are done at the cloud provider from the cloud provider itself. Additionally, means to verify the result of an outsourced computation with significantly less computational effort than performing the calculation itself. And last, but not least, even outlooks to ad-hoc clouds that are formed by mobile devices on-demand.


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.