
Research And Implementation Of Security Interaction Based On SGX And VMX

Posted on: 2020-06-22 | Degree: Master | Type: Thesis
Country: China | Candidate: M Y Li | Full Text: PDF
GTID: 2428330575957088 | Subject: Computer technology
Abstract/Summary:
The public cloud is a computing environment shared by multiple tenants. Applications and data in public clouds currently face serious security threats, of which data security and trusted I/O paths are of particular concern. Users deploy their data and algorithms on top of the cloud service provider's infrastructure and face security threats from untrusted cloud service providers and from other tenants. Existing cloud architectures cannot guarantee the confidentiality and integrity of the user's private data, and it is challenging to provide a trusted path between user programs and I/O devices, let alone ensure that the path is protected from high-privilege software or malicious programs. Trusted I/O paths are therefore essential to modern cloud computing security. To address this problem, we propose a novel design framework that leverages VMX and SGX, two features supported by Intel x86 processors, to provide user data and applications with a secure and trusted I/O path that offers generality, transparency and security protection. In this thesis, we choose typical human-machine interaction devices such as the keyboard, the electronic-voucher-dependent clock, and the network with its complex protocol stack as examples to illustrate the extensibility of our framework. To the best of our knowledge, we are the first to support a millisecond-level precision trusted clock and end-to-end secure networking for public cloud computing. Compared with the native Linux system as a baseline, our implementation of trusted keyboard, clock and network I/O communication introduced 0.75 ms, 0.41 ms and 7% delay cost, respectively, which illustrates the practicality of this work.
Keywords/Search Tags:cloud computing, system security, trusted path, virtualization technology, Intel SGX