
Private Computing on Public Platforms.


Abstract

Private Computing on Public Platforms (PCPP) is a new security approach which enables applications to run securely and privately on third party systems. PCPP isolates applications to ensure that the application control flow and data remain unaltered, unmonitored, and unrecorded before, during, and after execution.

In this thesis we define PCPP by expanding the unaltered, unmonitored, and unrecorded requirement to develop a public computing threat model. Additionally, we develop a set of overall PCPP requirements and characteristics, which include: PCPP must be a software-only implementation, PCPP will require opt-in from 3rd party remote platforms, PCPP will offer the ability to opt out, PCPP will validate remote platforms prior to use, PCPP will protect individual applications rather than entire systems, PCPP can protect legacy applications, PCPP must provide an encryption key protection mechanism, and PCPP must defend against all threats in the public computing threat model.

We further propose a PCPP architecture which uses a set of 5 PCPP building blocks: host assessment, executable guard, secure context switch, secure I/O, and encryption key protection. The host assessment evaluates 3rd party remote platforms to ensure that their configuration matches the execution and security requirements of the PCPP application. The executable guard is a new binary executable format designed to protect the executable code while it is stored in non-volatile memory on the 3rd party remote platform; it also offers a secure executable launch process. Secure context switch encrypts all PCPP application state when the PCPP application loses ownership of the host processor and decrypts the state when the PCPP application regains control of the host processor. With secure I/O, all file contents are always encrypted when stored in non-volatile memory. Secure I/O protects file access by encrypting all write data and decrypting all read data. The encryption key protection service safely stores PCPP encryption keys on the 3rd party remote platform during application execution, using a modification to the Linux context switch routine which protects encryption keys while they are not in use, and uses a set of integrity checks to confirm that only the protected application may access the stored keys. We offer expanded definitions and discussions of each PCPP building block in the body of this thesis.

We have completed implementations of all the PCPP building blocks. We offer discussions of the implementations and results comparing the execution time of ordinary applications to that of applications running with PCPP building blocks in place. Additionally, we offer a second PCPP architecture, called demand encryption/decryption, which offers improved speed and security.

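Bibliographic record

  • Author

    Morris, Thomas.

  • Author affiliation

    Southern Methodist University.

  • Degree-granting institution Southern Methodist University.
  • Subject Computer Science.
  • Degree Ph.D.
  • Year 2008
  • Pages 193 p.
  • Total pages 193
  • Original format PDF
  • Language of text eng
  • Chinese Library Classification Automation technology, computer technology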