
Publication


Featured research published by Kenneth Alan Goldman.


IBM Journal of Research and Development | 2009

Security for the cloud infrastructure: trusted virtual data center implementation

Stefan Berger; Ramón Cáceres; Kenneth Alan Goldman; Dimitrios Pendarakis; Ronald Perez; Josyula R. Rao; Eran Rom; Reiner Sailer; Wayne Frederick Schildhauer; Deepa Srinivasan; Sivan Tal; Enriquillo Valdez

The trusted virtual data center (TVDc) is a technology developed to address the need for strong isolation and integrity guarantees in virtualized environments. In this paper, we extend previous work on the TVDc by implementing controlled access to networked storage based on security labels and by implementing management prototypes that demonstrate the enforcement of isolation constraints and integrity checking. In addition, we extend the management paradigm for the TVDc with a hierarchical administration model based on trusted virtual domains and describe the challenges for future research.


Data Management on New Hardware | 2006

Using secure coprocessors for privacy preserving collaborative data mining and analysis

Bishwaranjan Bhattacharjee; Naoki Abe; Kenneth Alan Goldman; Bianca Zadrozny; Vamsavardhana R. Chillakuru; Marysabel del Carpio; Chidanand Apte

Secure coprocessors have traditionally been used as a keystone of a security subsystem, eliminating the need to protect the rest of the subsystem with physical security measures. With technological advances and hardware miniaturization they have become increasingly powerful. This opens up the possibility of using them for non-traditional uses. This paper describes a solution for privacy-preserving data sharing and mining using cryptographically secure but resource-limited coprocessors. It uses memory-light data mining methodologies along with a lightweight database engine with federation capability, running on a coprocessor. The data to be shared resides with the enterprises that want to collaborate. This system will allow multiple enterprises, which are generally not allowed to share data, to do so solely for the purpose of detecting particular types of anomalies and for generating alerts. We also present results from experiments which demonstrate the value of such collaborations.


IEEE International Conference on Cloud Engineering | 2015

Scalable Attestation: A Step Toward Secure and Trusted Clouds

Stefan Berger; Kenneth Alan Goldman; Dimitrios Pendarakis; David Robert Safford; Enriquillo Valdez; Mimi Zohar

In this work we present Scalable Attestation, a method which combines both secure boot and trusted boot technologies, and extends them up into the host, its programs, and up into the guests' operating systems and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware-rooted attestation, we gain a simple hardware-based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud testbeds based on the QEMU/KVM hypervisor, OpenStack, and OpenAttestation, and is shown to provide significant additional integrity protection at negligible cost.


IEEE Internet Computing | 2004

Matchbox: secure data sharing

Kenneth Alan Goldman; Enriquillo Valdez

Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control using digitally cosigned contracts to enforce sharing restrictions. To handle security operations, Matchbox uses the tamper-responding, programmable IBM 4758 cryptographic coprocessor. Matchbox servers can be distributed on a network for high availability, and parties can communicate with Matchbox over public networks, including hostile environments with untrusted hardware, software, and administrators.


Scalable Trusted Computing | 2010

Scalable integrity monitoring in virtualized environments

Kenneth Alan Goldman; Reiner Sailer; Dimitrios Pendarakis; Deepa Srinivasan

Use of trusted computing to achieve integrity guarantees remains limited due to the complexity of monitoring a large set of systems, the required changes to guest operating systems, and, e.g., relay attacks or time-of-measurement to time-of-reporting attacks. Datacenters with virtualization must scale to manage large numbers of virtual machines. We suggest an extension to virtualized trusted platform modules that significantly reduces the complexity of software attestation. It enables efficient event-based monitoring of a large number of virtual machines and eliminates attacks on the currently used attestation protocol. It targets patch and configuration management and audit. The virtual TPM extension requires only 700 lines of additional code. Our experiments confirm that this approach has very low performance overhead and is comparable to other resource monitoring tools.


IEEE Cloud Computing | 2015

Scalable Attestation: A Step toward Secure and Trusted Clouds

Stefan Berger; Kenneth Alan Goldman; Dimitrios Pendarakis; David Robert Safford; Enriquillo Valdez; Mimi Zohar

Scalable attestation combines secure boot and trusted boot technologies, and extends them up into the host, its programs, and into the guests' operating systems and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is root privileged. As an added benefit of a hardware-rooted attestation, the authors gain a simple hardware-based geolocation attestation to help enforce regulatory requirements. This design is implemented in multiple cloud testbeds based on the QEMU/KVM hypervisor, OpenStack, and OpenAttestation, and is shown to provide significant additional integrity protection at negligible cost.


USENIX Security Symposium | 2006

vTPM: virtualizing the trusted platform module

Stefan Berger; Ramon Caceres; Kenneth Alan Goldman; Ronald Perez; Reiner Sailer; Leendert van Doorn


Archive | 1998

Vehicle customization, restriction, and data logging

Kenneth Alan Goldman; Charles C. Palmer; Elaine R. Palmer


Archive | 1994

System and method for radio frequency tag group select

Christian Lenz Cesar; Shun Shing Chan; Thomas Anthony Cofino; Kenneth Alan Goldman; Sharon Louise Greene; Harley Kent Heinrich; Kevin Patrick Mcauliffe


Archive | 2004

Radio frequency identification system with write broadcast capability

Harley Kent Heinrich; Christian Lentz Cesar; Thomas Anthony Cofino; Daniel J. Friedman; Kenneth Alan Goldman; Sharon Louise Greene; Kevin Patrick Mcauliffe
