Secure Outsourced Computation in a Multi-Tenant Cloud. Seny Kamara - Microsoft Research, Mariana Raykova - Columbia
Outsourced Computation (x, f) f(x) IBM WCSC 2
The Cloud
Virtualized Servers [Diagram: App1, App2 and other apps on guest OSes, running over a Hypervisor on shared Hardware]
Multi-Tenancy: Virtualization enables multi-tenancy. VMs from different clients run on the same server. Multi-tenancy allows the cloud operator to optimize resource usage. This all leads to $ saved for clients. [Diagram: VMs sharing a Hypervisor and Hardware]
Multi-Tenancy: Multi-tenancy is indispensable to cloud computing. This is where part of the economic incentives come from, but it introduces security concerns. What if a co-located VM attacks my VM? Current solution is VM isolation: VMs cannot see each other's memory or state; resources are appropriately shared. [Diagram: VMs sharing a Hypervisor and Hardware]
Breaking Isolation. Exploiting the hypervisor: some attacks known against VMware's ESX, XBOX's hypervisor, Bypassing the hypervisor: [Ristenpart et al. 09] show that cross-VM side-channels are possible. Conclusion from [Ristenpart et al. 09]: If security is a concern, use a single-tenant server.
How do we Protect vs. Multi-Tenancy? VM Isolation: vulnerabilities, side-channels. Cryptography: strong security. Single-Tenancy: perfectly secure. [Diagram: VMs sharing a Hypervisor and Hardware]
Outline: Motivation. Secure outsourced computation in a multi-tenant cloud. Delegation protocols. Security definition in ideal/real world paradigm. General-purpose delegation protocol. Secret sharing & MPC. Limitations of our approach.
A Possible Approach: (Enc_K(x), f) Enc_K(f(x)). Verifiable computation [Gentry-Gennaro-Parno, Chung-Kalai-Vadhan]. Fully-Homomorphic Encryption (x', f) [Gentry, ] f(x), π
FHE + VC. Efficiency: FHE is not practical; VC is based on FHE. Overkill: interaction is OK; cloud is not a single-server environment.
Delegation Protocol: Protocol between C: the client who provides an input; VM_1, ..., VM_w: VM workers who have no input but return an output X
Underlying Assumption: Cross-VM attacks always work. Semi-honest: if A co-locates a VM then it recovers client VM's state. Malicious: if A co-locates a VM then it controls client VM. Worst-case assumption: makes our results stronger; captures concerns of highly sensitive clients (e.g., governments). Not essential to our model: probability of successful cross-VM attack can be taken into account.
Security Definition: Ideal/real world paradigm from MPC [,Canetti01].
Real execution: C and VMs run the real protocol in presence of A that can co-locate adversarial VMs.
Ideal execution: C sends input to trusted party who returns f(x) in presence of A that can co-locate adversarial VMs.
Security: every A in the real world can be emulated by an A in the ideal world. Note: If A is malicious then it is allowed to abort during the executions.
Guarantees: As long as A co-locates at most (w - 1) adversarial VMs. Privacy: A learns no information about C's input or output. Correctness: C receives correct output.
Multi-Party Computation: x, y, z, f(x,y,z). '80s: [Yao, Goldreich-Micali-Wigderson, ]. Today: [Mohassel-Franklin, Lindell-Pinkas, Kolesnikov-Sadeghi-Schneider, ]
Secret Sharing [Shamir]?
A General-Purpose Protocol. The approach:
Split input x into w shares (s_1, ..., s_n).
Store each share in a separate VM.
Make the VMs evaluate F using MPC.
F(s_1, ..., s_n; r_1 ... r_n): recovers the input x from the shares; evaluates y = f(x); uses r_1 ... r_n to generate w shares of y; outputs a share of y to each VM.
VMs send back their shares to C who recovers y.
Intuition.
Secret sharing: A must corrupt each worker.
MPC: Enables VMs to securely compute on shared input without revealing information about shares to other workers. Prevents A from learning about 2+ shares with a single corruption.
Coin Tossing: Coins will be uniform as long as at least one worker is uncorrupted. Guarantees sharing of output is secure.
Delegation is secure vs. malicious A if MPC is
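The data flow of the general-purpose protocol and the coin-tossing intuition above, as an added Python sketch that is not code from the talk. Assumptions: additive sharing mod a prime stands in for the secret sharing scheme, F is evaluated in the clear as a stand-in for the MPC (in the real protocol no single VM ever holds x or y), and XOR plus SHA-256 is one assumed way to combine and expand the coins r_i; all names are hypothetical.

```python
import hashlib
import secrets

P = 2**61 - 1  # prime modulus for additive sharing (constructed parameter)

def share(value, w, rand=None):
    """Split value into w additive shares mod P; any w-1 of them are uniform."""
    rand = rand or (lambda: secrets.randbelow(P))
    parts = [rand() for _ in range(w - 1)]
    return parts + [(value - sum(parts)) % P]

def recover(shares):
    """Recombine all shares; fewer than all of them determine nothing."""
    return sum(shares) % P

def combine_coins(coins):
    """XOR the workers' coins: uniform if at least one coin is uniform."""
    seed = bytes(len(coins[0]))
    for c in coins:
        seed = bytes(a ^ b for a, b in zip(seed, c))
    return seed

def prg(seed):
    """Stream of field elements derived from seed (SHA-256 in counter mode)."""
    ctr = 0
    def nxt():
        nonlocal ctr
        ctr += 1
        block = hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        return int.from_bytes(block, "big") % P
    return nxt

def F(f, in_shares, coins):
    """Functionality F: recover x, evaluate f, reshare y using the joint coins."""
    x = recover(in_shares)
    y = f(x) % P
    return share(y, len(in_shares), rand=prg(combine_coins(coins)))

def delegate(f, x, w):
    """Client C's view: share x, let the w workers run F, recover y."""
    in_shares = share(x, w)                               # one share per VM
    coins = [secrets.token_bytes(32) for _ in range(w)]   # each VM's coin r_i
    out_shares = F(f, in_shares, coins)                   # stands in for the MPC
    return in_shares, out_shares, recover(out_shares)
```

An adversary holding w - 1 of the input shares cannot rule out any candidate x, because a matching last share exists for every value in the field.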
Limitations of Delegation Protocols.
Efficiency: Overhead for recover & share. Overhead for MPC [+ ZKPs/C&C if A is malicious].
Cost: Requires an extra (n - 1) VMs. Useful if cost of protocol < cost of single-tenant server.
Ongoing work: Efficient delegation protocols for specific functionalities (e.g., polynomials). Combining our approach with other techniques.
Questions?