DOI: 10.1145/2295136.2295138
keynote

Hardware-enhanced access control for cloud computing

Published: 20 June 2012

Abstract

Future trustworthy computer systems should provide built-in support for at least the cornerstone security properties of confidentiality, integrity and availability. Access control can help significantly towards achieving this. However, in today's computing landscape, traditional access control implemented only in software may be either insufficient or non-optimal. We discuss some of these situations. Furthermore, fine-grained access control and usage control mechanisms implemented in software are themselves subject to attack, and may impose heavy performance overheads. Can new hardware architecture improve the security achievable by software mechanisms for access control and usage control? If so, what types of hardware support are most useful while retaining the flexibility of software protection mechanisms? What can software do to help hardware achieve the best results?
With the trend towards Cloud Computing, we discuss how new hardware architectural features for cloud servers can help protect the confidentiality and integrity of a cloud customer's code and data in his leased Virtual Machines -- even when the powerful underlying hypervisor may be compromised. This uses a new, non-bypassable form of hardware access control. Without requiring new hardware, we can also leverage the hardware trend towards manycore chips, and the already available hardware virtualization features, to enhance Cloud Security -- but with a few restrictions and some new software support.
In general, we would like to motivate collaborations between the software security and the hardware architecture communities to explore software-hardware co-design for security. What comes beyond access control in cloud computing and mobile computing ecosystems? The goal is to design future trustworthy systems that provide security protections, at the levels needed, when needed, even with malware in the system.

Published In

SACMAT '12: Proceedings of the 17th ACM symposium on Access Control Models and Technologies
June 2012
242 pages
ISBN:9781450312950
DOI:10.1145/2295136

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud computing
  2. hardware security
  3. hardware-software co-design
  4. security architecture
  5. virtualization

Qualifiers

  • Keynote

Conference

SACMAT '12

Acceptance Rates

SACMAT '12 Paper Acceptance Rate 19 of 73 submissions, 26%;
Overall Acceptance Rate 177 of 597 submissions, 30%

Cited By

  • (2019) On cloud security requirements, threats, vulnerabilities and countermeasures. Computer Science Review 33:C (1-48). DOI: 10.1016/j.cosrev.2019.05.002. Online publication date: 1-Aug-2019
  • (2018) Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives. From Database to Cyber Security (166-185). DOI: 10.1007/978-3-030-04834-1_9. Online publication date: 30-Nov-2018
  • (2017) A Terminology to Classify Artifacts for Cloud Infrastructure. Research Advances in Cloud Computing (75-92). DOI: 10.1007/978-981-10-5026-8_4. Online publication date: 28-Dec-2017
  • (2013) Cloudoscopy. Proceedings of the 2013 ACM workshop on Cloud computing security workshop (113-122). DOI: 10.1145/2517488.2517491. Online publication date: 8-Nov-2013
