Abstract

With the proliferation of cloud computing, security concerns about confidentiality violations of user data by the privileged domain and system administrators have been growing. This paper proposes secure cloud architecture with a hardware security module, which isolates cloud user data from potentially malicious privileged domains or cloud administrators. Within a securely isolated execution environment, the hardware security module provides essential security functionality with only restricted interfaces exposed to vulnerable management systems or cloud administrators. Such restriction prevents cloud administrators from affecting the security of guest VMs. The proposed architecture not only defends against wide attack vectors but also achieves a small TCB. This paper discusses our hardware and software implementation of the proposed cloud architecture, analyzes its security, and presents its performance results.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A reused key attack on an encrypted mobile app database: Case study on KakaoTalk and ProtonMail
Uk Hur ... Jongsung Kim
Journal of Information Security and Applications | VOL. 67
Uk Hur, et. al.Uk Hur ... Jongsung Kim
05 May 2022
Secure Upgrade of Hardware Security Modules in Bank Networks
Riccardo Focardi ... Flaminia L Luccio
-
Riccardo Focardi, et. al.Riccardo Focardi ... Flaminia L Luccio
01 Jan 2009
Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations
Johannes Blömer ... Peter Günther
-
Johannes Blömer, et. al.Johannes Blömer ... Peter Günther
01 Jan 2018
ReCPE: A PE for Reconfigurable Lightweight Cryptography
Jeff Anderson ... Yousra Alkabani
-
Jeff Anderson, et. al.Jeff Anderson ... Yousra Alkabani
14 Sep 2021
View more papers

More From: IEEE Transactions on Services Computing

Paper Title
Journal
Date
Author
A Blockchain-Based Fish Supply Chain Framework for Maintaining Fish Quality and Authenticity
Shereen Ismail ... Fartash Vasefi
IEEE Transactions on Services Computing | VOL. 17
Shereen Ismail, et. al.Shereen Ismail ... Fartash Vasefi
01 Sep 2024
BTVMP: A Burst-Aware and Thermal-Efficient Virtual Machine Placement Approach for Cloud Data Centers
Jie Li ... Xiao Qin
IEEE Transactions on Services Computing | VOL. 17
Jie Li, et. al.Jie Li ... Xiao Qin
01 Sep 2024
Energy-Efficient and Privacy-Preserving Blockchain Based Federated Learning for Smart Healthcare System
Moirangthem Biken Singh ... Ajay Pratap
IEEE Transactions on Services Computing | VOL. 17
Moirangthem Biken Singh, et. al.Moirangthem Biken Singh ... Ajay Pratap
01 Sep 2024
Uformer-ICS: A U-Shaped Transformer for Image Compressive Sensing Service
Kuiyuan Zhang ... Yicong Zhou
IEEE Transactions on Services Computing | VOL. 17
Kuiyuan Zhang, et. al.Kuiyuan Zhang ... Yicong Zhou
01 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.