MyCloud - Supporting user-configured privacy protection in cloud computing

Min Li, Wanyu Zang, Kun Bai, Meng Yu, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)

Abstract

Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than it is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all user's privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security and performance crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user configured privacy protection. Third, the reduced the TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ∼5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.

Original languageEnglish (US)
Title of host publicationProceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013
Pages59-68
Number of pages10
DOIs
StatePublished - Dec 1 2013
Event29th Annual Computer Security Applications Conference, ACSAC 2013 - New Orleans, LA, United States
Duration: Dec 9 2013Dec 13 2013

Publication series

NameACM International Conference Proceeding Series

Other

Other29th Annual Computer Security Applications Conference, ACSAC 2013
CountryUnited States
CityNew Orleans, LA
Period12/9/1312/13/13

Fingerprint

Cloud computing
Cryptography
Data storage equipment
Processing
Virtual machine

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Li, M., Zang, W., Bai, K., Yu, M., & Liu, P. (2013). MyCloud - Supporting user-configured privacy protection in cloud computing. In Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013 (pp. 59-68). (ACM International Conference Proceeding Series). https://doi.org/10.1145/2523649.2523680
Li, Min ; Zang, Wanyu ; Bai, Kun ; Yu, Meng ; Liu, Peng. / MyCloud - Supporting user-configured privacy protection in cloud computing. Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013. 2013. pp. 59-68 (ACM International Conference Proceeding Series).
@inproceedings{df813960f5cb4a8791ada9da61fbaec2,
title = "MyCloud - Supporting user-configured privacy protection in cloud computing",
abstract = "Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than it is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all user's privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security and performance crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user configured privacy protection. Third, the reduced the TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ∼5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.",
author = "Min Li and Wanyu Zang and Kun Bai and Meng Yu and Peng Liu",
year = "2013",
month = "12",
day = "1",
doi = "10.1145/2523649.2523680",
language = "English (US)",
isbn = "9781450320153",
series = "ACM International Conference Proceeding Series",
pages = "59--68",
booktitle = "Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013",

}

Li, M, Zang, W, Bai, K, Yu, M & Liu, P 2013, MyCloud - Supporting user-configured privacy protection in cloud computing. in Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013. ACM International Conference Proceeding Series, pp. 59-68, 29th Annual Computer Security Applications Conference, ACSAC 2013, New Orleans, LA, United States, 12/9/13. https://doi.org/10.1145/2523649.2523680

MyCloud - Supporting user-configured privacy protection in cloud computing. / Li, Min; Zang, Wanyu; Bai, Kun; Yu, Meng; Liu, Peng.

Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013. 2013. p. 59-68 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - MyCloud - Supporting user-configured privacy protection in cloud computing

AU - Li, Min

AU - Zang, Wanyu

AU - Bai, Kun

AU - Yu, Meng

AU - Liu, Peng

PY - 2013/12/1

Y1 - 2013/12/1

N2 - Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than it is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all user's privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security and performance crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user configured privacy protection. Third, the reduced the TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ∼5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.

AB - Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than it is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all user's privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security and performance crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user configured privacy protection. Third, the reduced the TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ∼5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.

UR - http://www.scopus.com/inward/record.url?scp=84893318045&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893318045&partnerID=8YFLogxK

U2 - 10.1145/2523649.2523680

DO - 10.1145/2523649.2523680

M3 - Conference contribution

AN - SCOPUS:84893318045

SN - 9781450320153

T3 - ACM International Conference Proceeding Series

SP - 59

EP - 68

BT - Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013

ER -

Li M, Zang W, Bai K, Yu M, Liu P. MyCloud - Supporting user-configured privacy protection in cloud computing. In Proceedings - 29th Annual Computer Security Applications Conference, ACSAC 2013. 2013. p. 59-68. (ACM International Conference Proceeding Series). https://doi.org/10.1145/2523649.2523680