Improving Cloud Security using Secure Enclaves

Jethro Beekman

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2016-219
December 22, 2016

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-219.pdf

Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about what is happening on the server side. As a worst case scenario, the service might be subjected to an insider attack.

This dissertation describes the unalterable secure service concept for trustworthy cloud computing. Secure services are a powerful abstraction that enables viewing the cloud as a true extension of local computing resources. Secure services combine the security benefits one gets locally with the manageability and availability of the distributed cloud.

Secure services are implemented using secure enclaves. Remote attestation of the server is used to obtain guarantees about the programming of the service. This dissertation addresses concerns related to using secure enclaves such as providing data freshness and distributing identity information. Certificate Transparency is augmented to distribute information about which services exist and what they do. All combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.

Advisor: David Wagner and John Louis Manferdelli


BibTeX citation:

@phdthesis{Beekman:EECS-2016-219,
    Author = {Beekman, Jethro},
    Title = {Improving Cloud Security using Secure Enclaves},
    School = {EECS Department, University of California, Berkeley},
    Year = {2016},
    Month = {Dec},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-219.html},
    Number = {UCB/EECS-2016-219},
    Abstract = {Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about what is happening on the server side. As a worst case scenario, the service might be subjected to an insider attack.

This dissertation describes the unalterable secure service concept for trustworthy cloud computing. Secure services are a powerful abstraction that enables viewing the cloud as a true extension of local computing resources. Secure services combine the security benefits one gets locally with the manageability and availability of the distributed cloud.

Secure services are implemented using secure enclaves. Remote attestation of the server is used to obtain guarantees about the programming of the service. This dissertation addresses concerns related to using secure enclaves such as providing data freshness and distributing identity information. Certificate Transparency is augmented to distribute information about which services exist and what they do. All combined, this creates a platform that allows legacy clients to obtain security guarantees about Internet services.}
}

EndNote citation:

%0 Thesis
%A Beekman, Jethro
%T Improving Cloud Security using Secure Enclaves
%I EECS Department, University of California, Berkeley
%D 2016
%8 December 22
%@ UCB/EECS-2016-219
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-219.html
%F Beekman:EECS-2016-219