Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
SDI/ISTC Seminar
Marcus PeinadoMicrosoft
Marcus Peinado is an Architect in the Platform
Infrastructure Group at Microsoft Research,
Redmond. His interests include Operating Systems,
Trusted Computing and System Security. His past
and current projects in these areas include Haven,
VCCC, Hyper-V, Windows Media security, Controlled
Channel attacks and the MAS rootkit detector.
Marcus holds a Ph.D. from Boston University.
Shielding Applications from an Untrusted Cloud with Haven and VCCCToday's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data. We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator's OS, VM and firmware). The talk presents two prototype systems that allow applications to run in the cloud without having to trust it.
Haven is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. VCCC is the first practical framework that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. Both systems leverage the hardware protections of Intel SGX to defend against privileged code and physical attacks such as memory probes.
ThursdayApril 7, 2016
RMCIC 4th Floor Panther Hollow Room
12:00 - 1:00 pm
VISITOR HOSTS: Majd Sakr, Garth GibsonVISITOR COORD: Majd Sakr, [email protected], 412-268-1161
For more information or questions:Karen Lindenfelser, 8-6716, [email protected]
http://www.pdl.cmu.edu/SDI/