Hardware-enhanced security for cloud computing

Secure Cloud Computing

Volumn 9781461492788, Issue , 2014, Pages 57-76

  Szefer, Jakub ^a   Lee, Ruby B ^a  

^a Princeton University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLOUD SECURITY; ECONOMICS;

CLOUD PROVIDERS; CLOUD-COMPUTING; CO-LOCATED; COMPUTING RESOURCE; ECONOMY OF SCALE; HARDWARE ARCHITECTURE; ON-DEMAND COMPUTING; REMOTE SYSTEMS; SYSTEM SOFTWARES; THIRD PARTIES;

SALES;

EID: 84929854649     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-1-4614-9278-8_3     Document Type: Chapter

References (27)

1. ARM, TrustZone. http://www.arm.com/products/processors/technologies/trustzone.php, accessed April 2013.
2. VMWare. http://www.vmware.com/, accessed April 2013.
3. Xen. http://www.xen.org, accessed May 2013.
4. David Champagne. Scalable Security Architecture for Trusted Software. PhD thesis, Princeton University, 2010.
5. David Champagne and Ruby B. Lee. Scalable architectural support for trusted software. In Proceedings of the 16th International Symposium on High Performance Computer Architecture, HPCA, pages 1-12, 2010.
6. Jeffrey S. Dwoskin and Ruby B. Lee. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 389-400, 2007.
7. Joan G. Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert van Doorn, Sean W. Smith, and Steve Weingart. Building the IBM 4758 Secure Coprocessor. Computer, 34:57-66, 2001.
8. Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: A virtual machine-based platform for trusted computing. SIGOPS Oper. Syst. Rev., 37(5):193-206, 2003.
9. Tal Garfinkel and Mendel Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proceedings Network and Distributed Systems Security Symposium, pages 191-206, 2003.
10. Ruby B. Lee, Peter Kwan, John Patrick McGregor, Jeffrey Dwoskin, and Zhenghong Wang. Architecture for protecting critical secrets in microprocessors. In Proceedings of the International Symposium on Computer Architecture, ISCA, pages 2-13, 2005.
11. Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. Secure virtual machine execution under an untrusted management OS. In Proceedings Conference on Cloud Computing (CLOUD), pages 172-179, 2010.
12. David Lie, John C.Mitchell, Chandramohan A. Thekkath, and Mark Horowitz. Specifying and verifying hardware for tamper-resistant software. In Proceedings of Symposium on Security and Privacy, S&P, pages 166-177, 2003.
13. Ryan Riley, Xuxian Jiang, and Dongyan Xu. Guest-Transparent prevention of kernel rootkits with vmm-based memory shadowing. In Richard Lippmann, Engin Kirda, and Ari Trachtenberg, editors, Recent Advances in Intrusion Detection, volume 5230 of Lecture Notes in Computer Science, pages 1-20. Springer Berlin Heidelberg, 2008.
14. Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Ronald Perez, Leendert Van Doorn, John Linwood Griffin, Stefan Berger, Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Ronald Perez, Leendert Doorn, John Linwood, and Griffin Stefan Berger. sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. Technical Report RC23511, IBM Research, 2005.
15. Arvind Seshadri, Mark Luk, Ning Qu, and Adrian Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. SIGOPS Oper. Syst. Rev., 41(6):335-350, 2007.
16. Monirul I. Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi. Secure in-vm monitoring using hardware virtualization. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pages 477-487, 2009.
17. Udo Steinberg and Bernhard Kauer. NOVA: A microhypervisor-based secure virtualization architecture. In European Conference on Computer Systems, pages 209-222, 2010.
18. G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, and Srinivas Devadas. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th annual International Conference on Supercomputing, ICS '03, pages 160-171, 2003.
19. Jakub Szefer. Architectures for Secure Cloud Computing Servers. PhD thesis, Princeton University, 2013.
20. Jakub Szefer and Ruby B. Lee. A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing. In Proceedings of the Second International Workshop on Security and Privacy in Cloud Computing, SPCC, pages 248-252, 2011.
21. Jakub Szefer and Ruby B. Lee. Architectural Support for Hypervisor-Secure Virtualization. In Proceedings of International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS, pages 437-450, March 2012.
22. Trusted Computing Group Trusted Platform Module main specification version 1.2, revision 94. http://www.trustedcomputinggroup.org/resources/tpm-main-specification, accessed April 2013.
23. Carl A. Waldspurger. Memory resource management in VMware ESX server. In 5th Symposium on Operating Systems Design and Implementation (OSDI), pages 181-194, 2002.
24. Zhenghong Wang and Ruby B. Lee. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual International Symposium on Computer Architecture, ISCA '07, pages 494-505, 2007.
25. Zhenghong Wang and Ruby B. Lee. A novel cache architecture with enhanced performance and security. In Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture, MICRO 41, pages 83-93, 2008.
26. Zhi Wang and Xuxian Jiang. HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, S&P, pages 380-395, May 2010.
27. Zhi Wang, Xuxian Jiang, Weidong Cui, and Peng Ning. Countering kernel rootkits with lightweight hook protection. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS, pages 545-554, 2009.