Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers

Author: Bryan Jeffrey Parno
ISBN: 9781627054799
Publisher: Association for Computing Machinery and Morgan & Claypool Publishers
Publication: June 1, 2014
Imprint: ACM Books
Language: English

As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted. In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today. Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). 
We design, analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.


More books from Association for Computing Machinery and Morgan & Claypool Publishers

Cover of the book Reactive Internet Programming by Bryan Jeffrey Parno
Cover of the book A Framework for Scientific Discovery through Video Games by Bryan Jeffrey Parno
Cover of the book Candidate Multilinear Maps by Bryan Jeffrey Parno
Cover of the book The VR Book by Bryan Jeffrey Parno
Cover of the book The Sparse Fourier Transform by Bryan Jeffrey Parno
Cover of the book Ada's Legacy by Bryan Jeffrey Parno
Cover of the book An Architecture for Fast and General Data Processing on Large Clusters by Bryan Jeffrey Parno
Cover of the book Embracing Interference in Wireless Systems by Bryan Jeffrey Parno
Cover of the book Shared-Memory Parallelism Can be Simple, Fast, and Scalable by Bryan Jeffrey Parno
Cover of the book Declarative Logic Programming by Bryan Jeffrey Parno
Cover of the book Smarter Than Their Machines by Bryan Jeffrey Parno
Cover of the book Edmund Berkeley and the Social Responsibility of Computer Professionals by Bryan Jeffrey Parno
Cover of the book Text Data Management and Analysis by Bryan Jeffrey Parno
Cover of the book Verified Functional Programming in Agda by Bryan Jeffrey Parno
Cover of the book Communities of Computing by Bryan Jeffrey Parno