policy sealed data
play

Policy-Sealed Data: A New Abstraction for Building Trusted Cloud - PowerPoint PPT Presentation

Oct 12, 2023 •172 likes •373 views

Max Planck Institute for Software Systems Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services Nuno Santos 1 , Rodrigo Rodrigues 2 , Krishna P. Gummadi 1 , Stefan Saroiu 3 MPI-SWS 1 , CITI / Universidade Nova Lisboa 2 ,

  1. Max Planck Institute for Software Systems Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services Nuno Santos 1 , Rodrigo Rodrigues 2 , Krishna P. Gummadi 1 , Stefan Saroiu 3 MPI-SWS 1 , CITI / Universidade Nova Lisboa 2 , Microsoft Research 3

  2. Managing the Cloud is Complex & Error-Prone Is my data Data Customer properly managed? Cloud Software Administrator Cloud software admins. can Cloud Provider compromise customers’ data 2 Nuno Santos 11/5/15

  3. Trusted Computing Can Help Mitigate Threats Attest Customer Newer hypervisors can offer 1. protection from SW admins. } e.g., nested virtualization: CloudVisor [SOSP’11], Credo Customer [MSR-TR] VM Trusted computing can attest 2. Hypervisor cloud node runs “correct” hypervisor HW TPM } Trusted Platform Module (TPM) Cloud Node But, TPMs alone ill-suited for the Cloud Provider cloud 3 Nuno Santos 11/5/15

  4. TPMs Alone Are Ill-Suited for the Cloud Stifle VM and data migration across cloud nodes 1. } TPMs root-of-trust not transferable from one node to another Cloud providers hesitant to reveal low-level cloud details 2. } TPMs abstractions can reveal node’s identity and details of the node’s entire software stack Commodity TPMs can hinder the cloud’s ability to scale 3. } TPMs’ poor performance may introduce bottlenecks 4 Nuno Santos 11/5/15

  5. Our Contributions Policy-sealed data abstraction 1. } Data is handled only by nodes satisfying customer-chosen policy } Examples: } Handle data only by nodes running CloudVisor } Handle data only by nodes located in the EU Use attribute-based encryption (CP-ABE) to implement 2. abstraction efficiently } Binds policies and node attributes to node configurations } Ciphertext-Policy Attribute-Based Encryption [Bethencourt07] Excalibur incorporates both contributions 5 Nuno Santos 11/5/15

  6. Excalibur Addresses TPM Limitations in Cloud } Enables flexible data migration across cloud nodes } Customer data accessible to any node that satisfies the customer policy Policy-sealed data } Hides node’s identities and low- level details of the software } Only high-level attributes are revealed } Masks TPMs’ poor performance Attribute-based } Enforcing policies does not require encryption direct calls to TPMs 6 Nuno Santos 11/5/15

  7. Outline } Introduction } Threat model } Policy-sealed data } Design } Monitor } CP-ABE } Evaluation 7 Nuno Santos 11/5/15

  8. Threat Model The attacker can… The attacker cannot… } perform physical attacks } configure nodes remotely } e.g., scrape TPMs to learn its secrets } reboot nodes } compromise system’s TCB } install software platform } monitor } secure hypervisor } access disk } compromise CP-ABE } eavesdrop network 8 Nuno Santos 11/5/15

  9. Outline } Introduction } Threat model } Policy-sealed data } Design } Monitor } CP-ABE } Evaluation 9 Nuno Santos 11/5/15

  10. Policy-Sealed Data Unseal Seal + decrypt data iff encrypt and bind node meets policy Policy-Sealed Data data to policy Seal to: visor = “secure visor” Hypervisors Secure Customer Provider Commodity 10 Nuno Santos 11/5/15

  11. Policy-Sealed Data: Attributes & Policies } Node configurations expressed as Node Attributes set of attributes service : “EC2” hypervz : “CloudVisor” version : “1” } Attributes mapped to nodes’ country : “Germany” zone : “z1” identities and software config } node id à hardware attributes Data Policy } software config à software attributes service = “EC2” and and } Customers select trusted node hypervz = “CloudVisor” and and configurations in policies version >= “1” and and } Logic expressions over attributes (country = “Germany” or or country = “UK”) 11 Nuno Santos 11/5/15

  12. Outline } Introduction } Threat model } Policy-sealed data } Design } Monitor } CP-ABE } Evaluation 12 Nuno Santos 11/5/15

  13. Excalibur Architecture + } Check node Customer Policy-Sealed Data configurations seal } Monitor attests nodes in unseal attest & background send credential } Scalable policy enforcement } CP-ABE operations at client-side lib Monitor Datacenter 13 Nuno Santos 11/5/15

  14. Excalibur Mediates TPM Access w/ Monitor Monitor goals: } Track node ids + TPM-based Customer attestations } Hides low-level details from users } Track nodes’ attributes that cannot be attested via today’s TPMs } e.g., nodes’ locations (EU vs. US) TPM } Form the cloud’s root of trust Cloud Node Monitor } Customers only need to attest the monitor’s software configuration 14 Nuno Santos 11/5/15

  15. Attribute-based Encryption Is Key to Scalability Customers seal data to a policy with a CP-ABE encryption key Once each node attests its configuration, monitor hands CP-ABE decryption key Ciphertext-Policy Attribute-Based Encryption [Bethencourt07] } Encryption Seal ( , Data, Policy ) Key Decryption Key Policy-Sealed Master Unseal ( , ) ) à Data Data Key Attributes Monitor Node 15 Nuno Santos 11/5/15

  16. Outline } Introduction } Threat model } Policy-sealed data } Design } Monitor } CP-ABE } Evaluation 16 Nuno Santos 11/5/15

  17. Methodology } Two questions: } What is the overhead of policy-sealed data? } Is the monitor a scalability bottleneck? } Implemented cloud service akin to EC2 } Based on Eucalyptus / Xen cloud platform } Supports location attribute } Interposed seal / unseal in VM management operations } Testbed: single monitor and five nodes } Intel Xeon, 2.83Ghz 8-core CPU, 1.6 GB RAM, TPM v1.2 17 Nuno Santos 11/5/15

  18. What Is the Overhead of Seal / Unseal? Overhead of CP-ABE in Eucalyptus / Xen platform CP-ABE’s overhead could be significant However, VM operations are infrequent 18 Nuno Santos 11/5/15

  19. Is the Monitor a Scalability Bottleneck? } Monitor can attest a large number of nodes } Max throughput: 630 attestation-verifications/sec } E.g., 10K node cluster attests in ~15 seconds } Monitor can serve many attestation requests from customers } Max throughput: 4800 attestation-requests/sec } Increases throughput of standard TPM attestation } Batches multiple attestation requests into single TPM call } Speedup orders of magnitude over standard TPM attestation 19 Nuno Santos 11/5/15

  20. Conclusions } Excalibur overcomes TPM’s limitations in the cloud } Policy-sealed data : new trusted computing primitive } Flexible sealed storage } Reduce overexposure } CP-ABE makes Excalibur scale } Masks low performance of TPMs } Evaluation indicates that the system is practical 20 Nuno Santos 11/5/15

Recommend

Sealed Bids 58 Contents Invitation for Bids Bid Opening Contract Award 59

Sealed Bids 58 Contents Invitation for Bids Bid Opening Contract Award 59

6 CHAPTER Sealed Bids 58 Contents Invitation for Bids Bid Opening Contract Award 59 Introduction Sealed bids are used for purchases above small purchase threshold Solicitation process for sealed bids is designed to assist

184 views • 16 slides
Closed, Sealed & Secure Container Valve Systems Micro Matic - Closed, Sealed & Secure

Closed, Sealed & Secure Container Valve Systems Micro Matic - Closed, Sealed & Secure

Closed, Sealed & Secure Container Valve Systems Micro Matic - Closed, Sealed & Secure Container Valve Systems Delivering DEF Purity, Packaging Integrity & Operational Excellence Overview Points of Discussion How We Can Help You &

598 views • 34 slides
Taylor's 325th Anniversary Limited Edition Research into antique sealed bottles, led to the

Taylor's 325th Anniversary Limited Edition Research into antique sealed bottles, led to the

Taylor's 325th Anniversary Limited Edition Research into antique sealed bottles, led to the discovery of the oldest known example of a sealed bottle with a date, from a merchant, in this case the 4 and XX symbol still used as Taylors

56 views • 3 slides
Auctions Lirong Xia Sealed-Bid Auction One item A set of bidders 1,, n bidder j s

Auctions Lirong Xia Sealed-Bid Auction One item A set of bidders 1,, n bidder j s

Auctions Lirong Xia Sealed-Bid Auction One item A set of bidders 1,, n bidder j s true value v j bid profile b = ( b 1 ,, b n ) A sealed-bid auction has two parts allocation rule: x ( b ) {0,1} n , x j ( b )=1

428 views • 19 slides
Sealed Bid Sale Extended to July 31, 2020 Executive Summary Geneva Land Services, Inc. has been

Sealed Bid Sale Extended to July 31, 2020 Executive Summary Geneva Land Services, Inc. has been

Shearer Executive Compound Sealed Bid Auction Mims, Volusia County, Florida Sealed Bid Sale Extended to July 31, 2020 Executive Summary Geneva Land Services, Inc. has been retained to offer qualified buyers the opportunity to acquire the

449 views • 10 slides
Ghetto A ghe&o is a sealed off area of the city

Ghetto A ghe&o is a sealed off area of the city

Ghetto A ghe&o is a sealed off area of the city where Jews were forced to live. Generally ghe&os had horrible living condi:ons. This

595 views • 12 slides
Sealed Trees and the Perfect Subtree Property for Weakly Compact Cardinals Sandra M uller

Sealed Trees and the Perfect Subtree Property for Weakly Compact Cardinals Sandra M uller

Sealed Trees and the Perfect Subtree Property for Weakly Compact Cardinals Sandra M uller Universit at Wien November 1, 2019 Joint with Yair Hayut Rutgers MAMLS 2019 Sandra M uller (Universit at Wien) Sealed Trees and PSP for

1.05k views • 62 slides
Disposal of Sealed Sources April 17, 2009 Michael J. Zittle Assistant Radiation Safety Officer,

Disposal of Sealed Sources April 17, 2009 Michael J. Zittle Assistant Radiation Safety Officer,

Disposal of Sealed Sources April 17, 2009 Michael J. Zittle Assistant Radiation Safety Officer, Oregon State University, Campus Radiation Safety Officers (CRSO) Representative Sealed Source Generators Oregon State University (OSU)

639 views • 15 slides
Records and Sealed Types Coming Soon to a JVM Near You! Ben Evans (He / Him) Safe Harbor

Records and Sealed Types Coming Soon to a JVM Near You! Ben Evans (He / Him) Safe Harbor

Records and Sealed Types Coming Soon to a JVM Near You! Ben Evans (He / Him) Safe Harbor This presentation and the information herein (including any information that may be incorporated by reference) is provided for informational purposes

616 views • 35 slides
DEF A New Agricultural Chemical 2013 EPA Emissions Regulations Micro Matic - Closed, Sealed

DEF A New Agricultural Chemical 2013 EPA Emissions Regulations Micro Matic - Closed, Sealed

DEF A New Agricultural Chemical 2013 EPA Emissions Regulations Micro Matic - Closed, Sealed & Secure Container Valve Systems Delivering DEF Purity, Packaging Integrity & Operational Excellence Overview Points of Discussion EPA

468 views • 13 slides
Pre-Proposal Meeting Request for Competitive Sealed Proposal RFCSP752-20-239720-MM Music

Pre-Proposal Meeting Request for Competitive Sealed Proposal RFCSP752-20-239720-MM Music

Pre-Proposal Meeting Request for Competitive Sealed Proposal RFCSP752-20-239720-MM Music Building MEIT & Recital Renovation December 17, 2019 @ 2:00 PM Agenda Introductions Background Key dates/times Submittal instructions

758 views • 23 slides
Submitting Bids & Viewing Awards Procurement Overview The Competitive Sealed Bid Process

Submitting Bids & Viewing Awards Procurement Overview The Competitive Sealed Bid Process

Submitting Bids & Viewing Awards Procurement Overview The Competitive Sealed Bid Process (> $50,000) 1.Bid specifications are created by the using agency and posted on eMaryland Marketplace by DGS. 2.A pre-bid meeting/site visit is held

750 views • 47 slides
Sealed Corridor Concept Railr lroad oad Per erspecti spective Norfolk Southern Railway

Sealed Corridor Concept Railr lroad oad Per erspecti spective Norfolk Southern Railway

Sealed Corridor Concept Railr lroad oad Per erspecti spective Norfolk Southern Railway Company Overview Operat ates es approxi xima mately ely 19,500 00 route miles es in 22 states es and the District trict of Columb umbia

136 views • 9 slides
TOGGLE SWITCHES Series 01 Miniature Toggle Switch Series S1 Sealed Miniature Toggle Switch

TOGGLE SWITCHES Series 01 Miniature Toggle Switch Series S1 Sealed Miniature Toggle Switch

TOGGLE SWITCHES Series 01 Miniature Toggle Switch Series S1 Sealed Miniature Toggle Switch Series 02 Sub-Miniature Toggle Switch Series S2 Sealed Sub-Miniature Toggle Switch Series M2 Sealed Surface Mount Toggle Switch . . ROCKER

169 views • 13 slides
Balloons Hot-air balloons dont have to be sealed and most are not Helium balloons leak

Balloons Hot-air balloons dont have to be sealed and most are not Helium balloons leak

Balloons 1 Balloons 2 Observations about Balloons Balloons are held taut by the gases inside Some balloon float in air while others dont Balloons Hot-air balloons dont have to be sealed and most are not Helium balloons leak

296 views • 3 slides
Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki

th High Power Targetry Workshop 4 8 June 201 , FRIB Michigan State University Compact Sealed lithium target for accelerator-driven BNCT system Kazuki Tsuchida, Yoshiaki Kiyanagi Nagoya University 1 B oron N eutron C apture

510 views • 20 slides
Chyuan Chiao is a leading Chinese custom manufacturer of hermetically sealed (GTMS or

Chyuan Chiao is a leading Chinese custom manufacturer of hermetically sealed (GTMS or

facilities equipment list http://www.glass-to-metal-seal.com Capabilities Chyuan Chiao is a leading Chinese custom manufacturer of hermetically sealed (GTMS or glass-to-metal seal) connectors, headers, terminals, and microelectronic packages.

355 views • 11 slides
End of Life Management of Sealed Radioactive Sources 17 July 2019, Vienna, Austria Kapila De

End of Life Management of Sealed Radioactive Sources 17 July 2019, Vienna, Austria Kapila De

End of Life Management of Sealed Radioactive Sources 17 July 2019, Vienna, Austria Kapila De Silva Deputy Director Sri Lanka Atomic Energy Regulatory Council Sri Lanka Contents 1) Challenges encountered with the end of life management of

726 views • 23 slides
Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation

Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation

How does data impact policy? Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation Intervention research and clinical application Needs assessment DATA AND NEEDS OF PERSONS WITH DISABILITIES NEEDS ASSESSMENT

596 views • 28 slides
Sealed Air Announces Sale of New Diversey to Bain Capital Private Equity March 27, 2017 Safe

Sealed Air Announces Sale of New Diversey to Bain Capital Private Equity March 27, 2017 Safe

Sealed Air Announces Sale of New Diversey to Bain Capital Private Equity March 27, 2017 Safe Harbor and Regulation G Statement This presentation contains forward -looking statements within the meaning of the safe harbor provisions of the

483 views • 5 slides
Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie

CyLab Data privacy and big Data privacy and big data data Engineering & Public Policy Lorrie Faith Cranor November 12, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

658 views • 21 slides
Experience from policy makers/data users on the impact of changes in labour indicators on policy

Experience from policy makers/data users on the impact of changes in labour indicators on policy

Experience from policy makers/data users on the impact of changes in labour indicators on policy formulation and monitoring Nguyn Th Vit Nga General Statistics Office Vietnam 1 Content Introduction 1. Some findings 2. Conclusion

350 views • 23 slides
SWEET Data, Publication and Presentation Policy 1. OBJECTIVES The SWEET publication policy

SWEET Data, Publication and Presentation Policy 1. OBJECTIVES The SWEET publication policy

SWEET Data, Publication and Presentation Committee (DPPC) SWEET Data, Publication and Presentation Policy 1. OBJECTIVES The SWEET publication policy regulates all publications, presentations, etc. based on SWEET data or any other information

491 views • 7 slides
View from an NIH Policy Wonk Carrie D. Wolinetz, PhD Associate Director for Science Policy

View from an NIH Policy Wonk Carrie D. Wolinetz, PhD Associate Director for Science Policy

Data Sharing: View from an NIH Policy Wonk Carrie D. Wolinetz, PhD Associate Director for Science Policy National Institutes of Health Roots of data sharing culture 2 The HGP changed the norms around data sharing in biomedical research

423 views • 17 slides

More recommend