Abstract
The Enterprise Level Security (ELS) model focuses on designing secure, distributed web-based systems starting from basic principles. One area of ELS that poses significant design challenges is protection of web server private keys in a public cloud. Web server private keys are of critical importance because they control who can act as the server to represent the enterprise. This includes responding to requests as well as making requests within the enterprise and to its partners. The cloud provider is not part of this trusted network of servers, so the cloud provider should not have access to server private keys. However, current cloud systems are designed to allow cloud providers free access to server private keys. This paper proposes design solutions to securely manage private keys in a public cloud. An examination of commonly used approaches demonstrates the ease with which cloud providers can currently control server private keys. Two designs are proposed to prevent cloud provider access to keys, and their implementation issues are discussed.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
