"Haven Shielded Execution: How to Protect your cloud hosted application from cloud platform providers and law enforcement bodies" by Ijlal Loutfi
Ijlal Loutfi is a new PhD student in the ConSeRNS group.
In this talk, we will discuss the concepts of shielded execution, as well as survey the state of art for trusted hardware and application isolation systems. (See Abstrat in the long description.)
Today’s cloud platforms offer many advantages, but these are often outweighed by the risks inherent in a hierarchical security architecture: Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data.
Haven, a newly proposed solution by Microsoft research, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, but also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host .
[1 ]A.Baumann, Y. Li, M. Peinado, Galen Hunt: Shielding Applications from an Untrusted Cloud with Haven. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14),October 2014