Thursday, April 7, 2016
TIME: 12:00 pm - 1:00 pm
PLACE: RMCIC 4th Floor Panther Hollow Room
SPEAKER: Marcus Peinado,
TITLE: Shielding Applications from an Untrusted Cloud with Haven and VCCC
Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally-distributed software/hardware platform not to expose any of their private data. We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator's OS, VM and firmware). The talk presents two prototype systems that allow applications to run in the cloud without having to trust it.
Haven is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. VCCC is the first practical framework that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. Both systems leverage the hardware protections of Intel SGX to defend against privileged code and physical attacks such as memory probes.
Marcus Peinado is an Architect in the Platform Infrastructure Group at Microsoft Research, Redmond. His interests include Operating Systems, Trusted Computing and System Security. His past and current projects in these areas include Haven, VCCC, Hyper-V, Windows Media security, Controlled Channel attacks and the MAS rootkit detector. Marcus holds a Ph.D. from Boston University.
VISITOR HOSTS: Majd Sakr, Garth Gibson
VISITOR COORDINATOR: Majd Sakr, email@example.com, 412-268-1161
SDI / ISTC SEMINAR QUESTIONS?
Karen Lindenfelser, 86716, or visit www.pdl.cmu.edu/SDI/
*partially funded by