Workshop on Cryptography and Security in Clouds
(March 15-16, 2011, Zurich)
Abstracts
The abstracts are also available in PDF
form: abstracts.pdf.
Virtual Security: Data Leakage in Third-Party Clouds and VM Reset Vulnerabilities
Thomas Ristenpart (University of Wisconsin, Madison, USA)
In this talk we'll cover new security issues that arise in the use of
virtualization. First we'll look at third-party cloud computing
services such as Amazon's EC2 and Microsoft Azure. We'll see how
so-called placement vulnerabilities allow an attacker to arrange for
a malicious virtual machine (VM) to be assigned to the same physical
server as a target victim's VM. From there, the attacking VM can
mount side channel attacks. We'll report on initial work on
cache-based side channels that can measure the victim's
computational load to, for example, infer the kinds of web traffic
received by a web server running on the victim's VM.
Next I'll present recent work on showing a new class of
vulnerabilities, termed VM reset vulnerabilities, that arise due to
reuse of VM snapshots. A snapshot is the saved state of a VM, which
can include caches, memory, persistent storage, etc. A reset
vulnerability occurs when resuming two or more times from the same VM
snapshot exposes security bugs. I'll report on our discovery of
several reset vulnerabilities in modern browsers used within
commonly-used VM managers. These vulnerabilities exploit weaknesses in
cryptographic protocols when confronted with reused randomness. I'll
then explore potential solutions.
This talk will cover joint work with Stefan Savage, Hovav Shacham,
Eran Tromer, and Scott Yilek.
A Small Latte or a PetaCycle? You Decide. The Economics of Cloud Computing and What This Means for Security
Radu Sion (Stony Brook University, USA)
In this talk we explore the economics of technology outsourcing in
general and cloud computing in particular. We identify cost trade-offs
and postulate the key principles of outsourcing that define when cloud
deployment is appropriate and why. We also briefly touch on several
main cyber-security aspects that impact the appeal of clouds. We
outline and investigate some of the main research challenges on
optimizing for these trade-offs. If you come to this talk you are also
very likely to find out exactly how many US dollars you need to spend
to break your favorite cipher or send one of your bits over the
network.
The Cloud was tipsy and ate my files!
Giuseppe Ateniese (Johns Hopkins University, USA)
Our entire digital life will be stored on remote storage servers such
as Amazon S3, Microsoft Azure, Google, MobileMe, etc. Our emails,
pictures, calendars, documents, music/video playlists, and generic
files will be readily available, anytime and anywhere.
In this talk, we will answer the following question: How can we check
whether the entire content of our digital life is actually intact and
accessible, even though we have no local copy of it?
Writing on Wind and Water: Storage Security in the Cloud
Ari Juels (RSA, The Security Division of EMC, USA)
The Cloud abstracts away infrastructural complexity for the benefit of
tenants. But to tenants' detriment, it can also abstract away
essential security information. In this talk, I'll discuss several
protocols that remotely test cloud storage integrity and robustness
without a reliance on detailed infrastructural knowledge or trust in
cloud providers. Tenants or auditors can execute these protocols to:
(1) Verify the integrity of files without downloading them; (2)
Distribute files across cloud providers and verify their intactness
with periodic, inexpensive checks (in a cloud analog to RAID); and (3)
Test whether files are resilient to drive crashes.
Joint work with Kevin Bowers, Marten van Dijk, Burt Kaliski, Alina Oprea, and Ron Rivest.
Using TPMs to Tame Uncertainty in the Cloud
Rodrigo Rodrigues (Max Planck Institute for Software Systems, Germany)
Despite the benefits of cloud computing, its users face a significant
downside: they must yield control of their data to the cloud provider,
and therefore need to blindly trust it to correctly manage a large,
complex infrastructure prone to issues such as accidental or
intentional data loss or disclosure. In this talk I will present
Excalibur, a system that enables cloud providers to build services
that give customers more assurances regarding the set of nodes allowed
to manipulate their data, e.g., by restricting the software
configuration they are allowed to run. Excalibur leverages commodity
trusted computing hardware (TPMs) to provide the abstraction of
policy-sealed data, where data is encrypted in a way that is
associated with a given policy, and can only be retrieved by cloud
nodes that obey that policy. In implementing this abstraction,
Excalibur addresses several challenges that arise from using TPMs in
the context of cloud computing.
This is joint work with Nuno Santos, Krishna Gummadi (MPI-SWS) and
Stefan Saroiu (MSR).
Towards Multi-Layer Autonomic Isolation of Cloud Computing and Networking Resources
Aurélien Wailly, Marc Lacoste, Hervé Debar (Orange Labs and Télécom Sud Paris, France)
Despite its many foreseen benefits, the main barrier to adoption of
cloud computing remains security. Vulnerabilities introduced by
virtualization of computing resources, and unclear effectiveness of
traditional security architectures in fully virtualized networks raise
many security challenges. The most critical issue remains resource
sharing in a multi-tenant environment, which creates new attack
vectors. The question is thus how to guarantee strong resource
isolation, both on the computing and networking side. System and
network complexity make manual security maintenance impossible by
human administrators. Computing and networking isolation over
virtualized environments should thus be achieved and automated.
Unfortunately, current solutions fail to achieve that goal: hugely
fragmented, they tackle the problem only from one side and at a given
layer, thus without end-to-end guarantees. Moreover, they remain
difficult to administer. A new integrated and more flexible approach
is therefore needed.
This paper describes a unified autonomic management framework for IaaS
resource isolation, at different layers, and from both computing and
networking perspectives. A nested architecture is proposed to
orchestrate multiple autonomic security loops, both over views and
layers, resulting in very flexible self-managed cloud resource
isolation. A first design for the corresponding framework is also
specified for a simple IaaS infrastructure.
Security Considerations for Virtual Platform Provisioning
Mudassar Aslam, Christian Gehrmann (Swedish Institute of Computer Science)
The concept of virtualization is not new but leveraging virtualization
in different modes and at different layers has revolutionized its
usage scenarios. Virtualization can be applied at the application layer
to create a sandbox environment, at the operating system layer to
virtualize shared system resources (e.g. memory, CPU), at the platform
level, or in any other useful hybrid scheme. When virtualization is
applied at the platform level, the resulting virtualized platform can run
multiple virtual machines as if they were physically separated real
machines. Provisioning virtualized platforms in this way is often also
referred to as Platform as a Service (PaaS) in the cloud computing
terminology. Different business models, like datacenters or
telecommunication providers and operators, can get business benefits
by using platform virtualization due to the possibility of increased
resource utilization and reduced upfront infrastructure setup
expenditures. This opportunity comes together with new security
issues. An organization that runs services in the form of virtual machine
images on an offered platform needs security guarantees. In short, it
wants evidence that the platforms it utilizes are trustworthy and that
sensitive information is protected. Even if this sounds natural and
straightforward, few attempts have been made to analyze in detail
what these expectations mean from a security technology perspective
in a realistic deployment scenario. In this paper we present a
telecommunication virtualized platform provisioning scenario with two
major stakeholders, the operator who utilizes virtualized
telecommunication platform resources and the service provider, who
offers such resources to operators. We perform a threat analysis for this
scenario and derive major security requirements from the different
stakeholders’ perspectives. Through investigating a particular virtual
machine provisioning use case, we take the first steps towards a
better understanding of the major security obstacles with respect to
platform service offerings. Over the last couple of years we have seen
increased activity around security for clouds regarding different
usage and business models. We contribute to this important area
through a thorough security analysis of a concrete deployment
scenario. Finally, we use the security requirements derived through
the analysis to make a comparison with contemporary related research
and to identify future research challenges in the area.
Mobile Trusted Virtual Domains
Ahmad Sadeghi (TU Darmstadt, Germany)
TBA
Technical Challenges of Forensic Investigations in Cloud Computing Environments
Dominik Birk (Ruhr-Universität Bochum, Germany)
Cloud Computing is arguably one of the most discussed information
technology topics in recent times. It presents many promising
technological and economical opportunities. However, many customers
remain reluctant to move their business IT infrastructure completely
to “the Cloud”. One of the main concerns of customers is Cloud
security and the threat of the unknown. Cloud Service Providers (CSP)
encourage this perception by not letting their customers see what is
behind their “virtual curtain”. A seldom discussed, but in this
regard highly relevant open issue is the ability to perform digital
investigations. This continues to fuel insecurity on the sides of both
providers and customers. In Cloud Forensics, the lack of physical
access to servers constitutes a completely new and disruptive
challenge for investigators. Due to the decentralized nature of data
processing in the Cloud, traditional approaches to evidence collection
and recovery are no longer practical. This paper focuses on the
technical aspects of digital forensics in distributed Cloud
environments. We contribute by assessing whether it is possible for
the customer of Cloud Computing services to perform a traditional
digital investigation from a technical standpoint. Furthermore we
discuss possible new methodologies helping customers to perform such
investigations and discuss future issues.
Self-Managed Services Conceptual Model in Trustworthy Clouds' Infrastructure
Imad M. Abbadi (Oxford University Computing Laboratory, UK)
Current cloud infrastructures do not provide the full potential of
automated self-managed services. Cloud infrastructure management is
supported by clouds’ internal employees and contractors
(e.g. enterprise architects, system and security administrators). Such
a manual management process, which requires human intervention, is not
adequate considering the cloud's promising future as an Internet-scale
critical infrastructure. This paper is concerned with exploring and
analyzing automated self-managed services for cloud’s virtual
resources. We propose a conceptual model of self-managed services
interdependencies and identify static and dynamic factors affecting
their automated actions in the context of cloud computing. Next, we
identify the challenges involved in providing secure and reliable
self-managed services. We have just started the work in this area as
part of the EU-funded Trusted cloud (TCloud) project.
Predicate Encryption for Private and Searchable Remote Storage
Giuseppe Persiano (Università di Salerno, Italy)
In this talk we will survey the state of the art in Predicate
Encryption with special focus on Hidden Vector Encryption schemes and
show its applicability to Private and Searchable Remote Storage. Our
thesis is that Predicate Encryption offers solid Cryptographic
foundations for Remote Storage but several issues remain to be
addressed before we can deploy usable and private remote storage.
Side Channels in Cloud Services: The Case of Deduplication in Cloud Storage
Benny Pinkas (Bar Ilan University, Israel)
The talk will discuss deduplication, a form of compression in which
duplicate copies of files are replaced by links to a single
copy. Deduplication is known to reduce the space and bandwidth
requirements of Cloud storage services by more than 90%, and is most
effective when applied across multiple users.
We study the privacy implications of cross-user deduplication. We
demonstrate how deduplication can be used as a side channel which
reveals information about the contents of files of other users, as a
covert channel by which malicious software can communicate with its
control center, or as a method to retrieve files about which you have
only partial information.
Due to the high savings offered by cross-user deduplication, cloud
storage providers are unlikely to stop using this technology. We
therefore propose mechanisms that enable cross-user deduplication
while ensuring meaningful privacy guarantees.
Byzantine Fault Tolerance for the Cloud
Hans P. Reiser (University of Lisboa, Portugal and University of Passau, Germany)
CloudFIT is an ongoing project that designs an architecture for
intrusion-tolerant applications that can be deployed dynamically in the
cloud. This position paper presents an outline of the architecture
that is being developed in the project, and discusses the implications
of the deployment in the cloud. We explore to what extent existing BFT
algorithms can be used for increasing security and availability in the
proposed architecture and what issues still need to be resolved in the
future.
Integrity and Consistency for Untrusted Services
Christian Cachin (IBM Research - Zurich, Switzerland)
A group of mutually trusting clients outsources an arbitrary
computation service to a remote provider, which they do not fully
trust and that may be subject to attacks. The clients do not
communicate with each other and would like to verify the integrity of
the stored data, the correctness of the remote computation process,
and the consistency of the provider’s responses.
We present a novel protocol that guarantees atomic operations to all
clients when the provider is correct and fork-linearizable semantics
when it is faulty; this means that all clients which observe each
other’s operations are consistent, in the sense that their own
operations, plus those operations whose effects they see, have
occurred atomically in the same sequence. This protocol generalizes
previous approaches that provided such guarantees only for outsourced
storage services.
Verifiable Computation with Two or More Clouds
Ran Canetti, Ben Riva, Guy Rothblum (Tel Aviv University, Israel and Princeton University, USA)
The current move to Cloud Computing raises the need for verifiable
delegation of computations, where a weak client delegates his
computation to a powerful cloud, while maintaining the ability to
verify that the result is correct. Although there are prior solutions
to this problem, none of them is yet both general and practical for
real-world use.
We propose to extend the model as follows. Instead of using one cloud,
the client uses two or more different clouds to perform his
computation. The client can verify the correct result of the
computation, as long as at least one of the clouds is honest. We
believe that such an extension suits the world of cloud computing where
cloud providers have incentives not to collude, and the client is free
to use any set of clouds he wants.
Our results are twofold. First, we show two protocols in this model:
- A computationally sound verifiable computation for any efficiently
  computable function, with logarithmically many rounds, based on any
  collision-resistant hash family.
- A 1-round (2-messages) unconditionally sound verifiable computation
  for any function computable in log-space uniform NC.
Second, we show that our first protocol works for essentially any
sequential program, and we present an implementation of the protocol,
called QUIN, for Windows executables. We describe its architecture and
experiment with several parameters on live clouds.
Twin Clouds: An Architecture for Secure Cloud Computing
Sven Bugiel, Stefan Nürnberger, Ahmad Sadeghi, Thomas Schneider (TU Darmstadt and Ruhr-Universität Bochum, Germany)
Cloud computing promises a more cost effective enabling technology to
outsource storage and computations. Existing approaches for secure
outsourcing of data and arbitrary computations are either based on a
single tamper-proof hardware, or based on recently proposed fully
homomorphic encryption. The hardware based solutions are not
scalable, and fully homomorphic encryption is currently only of
theoretical interest and very inefficient.
In this paper we propose an architecture for secure outsourcing of
data and arbitrary computations to an untrusted commodity cloud. In
our approach, the user communicates with a trusted cloud (either a
private cloud or built from multiple secure hardware modules) which
encrypts and verifies the data stored and operations performed in the
untrusted commodity cloud. We split the computations such that the
trusted cloud is mostly used for security-critical operations in the
less time-critical setup phase, whereas queries to the outsourced data
are processed in parallel by the fast commodity cloud on encrypted
data.
Secure Outsourced Computation in a Multi-tenant Cloud
Seny Kamara, Mariana Raykova (Microsoft Research and Columbia University, USA)
We present a general-purpose protocol that enables a client to delegate the
computation of any function to a cluster of n machines in such a way that no
adversary that corrupts at most n - 1 machines can recover any information
about the client's input or output. The protocol makes black-box use of
multi-party computation (MPC) and secret sharing and inherits the security
properties of the underlying MPC protocol (i.e., passive vs. adaptive security
and security in the presence of a semi-honest vs. malicious adversary).
Using this protocol, a client can securely delegate any computation to a
multi-tenant cloud so long as the adversary is not co-located on at least one
machine in the cloud. Alternatively, a client can use our protocol to
securely delegate its computation to multiple multi-tenant clouds so
long as the adversary is not co-located on at least one machine in one
of the clouds.
Amortized Sublinear Secure Multi Party Computation
Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Tal Malkin, Mariana Raykova, Yevgeniy Vahlis (Columbia University, University of Maryland, and Bell Labs)
We study the problem of secure two-party and multi-party computation
in a setting where some of the participating parties hold very large
inputs. Such settings increasingly appear when participants wish to
securely query a database server, a typical situation in cloud related
applications. Classic results in secure computation require work that
grows linearly with the size of the input, while insecure versions of
the same computation might require access to only a small number of
database entries.
We present new secure MPC protocols that, in an amortized analysis,
have only polylogarithmic overhead when compared with the work done in
an insecure computation of the functionality. Our first protocol is
generically constructed from any Oblivious RAM scheme and any secure
computation protocol. The second protocol is optimized for secure
two-party computation, and is based directly on basic cryptographic
primitive
Computation on Randomized Data
Florian Kerschbaum and Kiayias Aggelos (SAP Research Karlsruhe, Germany and University of Athens, Greece)
Cryptographic tools, such as secure computation or homomorphic
encryption, are very computationally expensive. This makes their use
for confidentiality protection of client’s data against an untrusted
service provider uneconomical in most applications of cloud
computing. In this paper we present techniques for randomizing data
using light-weight operations and then securely outsourcing the
computation to a server. We discuss how to formally assess the
security of our approach and present linear programming as a case
study.
Private and Perennial Distributed Computation
Shlomi Dolev, Juan Garay, Niv Gilboa, Vladimir Kolesnikov (Ben-Gurion University, Israel, AT&T Labs Research, USA, and Bell Labs, USA)
In this paper we consider the problem of n agents (servers) wishing to
perform a given computation on behalf of a user, on common inputs and
in a privacy preserving manner, in the sense that even if the entire
memory contents of some of them are exposed, no information is
revealed about the state of the computation, and where there is no a
priori bound on the number of inputs. The problem has received ample
attention recently in several domains, including cloud computing as
well as swarm computing and Unmanned Aerial Vehicles (UAV) that
collaborate in a common mission, and schemes have been proposed that
achieve this notion of privacy for arbitrary computations, at the
expense of one round of communication per input among the n agents.
In this work we show how to avoid communication altogether during the
course of the computation, with the trade-off of computing a smaller
class of functions, namely, those carried out by finite-state
automata. Our scheme, which is based on a novel combination of
secret-sharing techniques and the Krohn-Rhodes decomposition of finite
state automata, achieves the above goal in an
information-theoretically secure manner, and, furthermore, does not
require randomness during its execution.