Enhancing the OS against Security Threats in System Administration

Santos, Nuno; Rodrigues, Rodrigo; Ford, Bryan

doi:10.1007/978-3-642-35170-9_21

Cited by 6 publications

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attackers may attempt to breach into the systems in various ways, either through an external vector, e.g., by exploiting software bugs or, configuration errors [7], or via an internal vector, e.g., through, malicious admins [8,85], or employees victim of social engineering attacks [111]. These threats are even more pronounced due to virtualization in the cloud, where a co-located tenant [107] or even a malicious cloud administrator [106] can violate the confidentiality and integrity properties.…”

Section: Introductionmentioning

confidence: 99%

Secure and Policy-Compliant Query Processing on Heterogeneous Computational Storage Architectures

Unnibhavi

Cerdeira

Barbalace

et al. 2022

Proceedings of the 2022 International Conference on Management of Data

Self Cite

View full text Add to dashboard Cite

Computation Storage Architectures (CSA) are increasingly adopted in the cloud for near data processing, where the underlying storage devices/servers are now equipped with heterogeneous cores which enable computation offloading near to the data. While CSA is a promising high-performance architecture for the cloud, in general data analytics also presents significant data security and policy compliance (e.g., GDPR) challenges in untrusted cloud environments.In this paper, we present IronSafe, a secure and policy-compliant query processing system for heterogeneous computational storage architectures, while preserving the performance advantages of CSA in untrusted cloud environments. To achieve these design properties in a computing environment with heterogeneous host (x86) and storage system (ARM), we design and implement the entire hardware and software system stack from the ground-up leveraging hardwareassisted Trusted Execution Environments (TEEs): namely, Intel SGX and ARM TrustZone. More specifically, IronSafe builds on three core contributions: (1) a heterogeneous confidential computing framework for shielded execution with x86 and ARM TEEs and associated secure storage system for the untrusted storage medium; (2) a policy compliance monitor to provide a unified service for attestation and policy compliance; and (3) a declarative policy language and associated interpreter for concisely specifying and efficiently evaluating a rich set of polices. Our evaluation using the TPC-H SQL benchmark queries and GDPR anti-pattern use-cases shows that IronSafe is faster, on average by 2.3× than a host-only secure system, while providing strong security and policy-compliance properties. CCS Concepts• Security and privacy → Trusted computing; Database and storage security.

show abstract

Section: Introductionmentioning

confidence: 99%