Keynote talk III: Trusted cloud: How to make the cloud more secure

摘要

Cloud computing is growing because of cost advantages and convenience it offers to customers. However, security and privacy continue to be major concerns. We wish to guard against a powerful adversary who can compromise the CloudOS, and uses all privileges of the CloudOS to compromise the integrity and confidentiality of user applications. Secure hardware and/or small trusted hypervisors are the main weapons in our arsenal to guard against such powerful adversaries. Secure hardware (such as Intel SGX) enables user mode applications to package code and data into regions that are isolated from all other software running on the machine. Isolated regions can also be implemented with a small trusted hypervisor. However, it is an open research question as to how entire cloud services can be built using trusted hardware as a primitive, while maintaining a small TCB, providing good performance and end-to-end security guarantees. The Trusted Cloud project at Microsoft Research explores ways to answer this question, and it builds on techniques spanning hardware, OS, compilers and verification tools. In this talk, I will describe our efforts on architecting trusted and more secure cloud services using these principles.