H-Verifier: Verifying Confidential System State with Delegated Sandboxes

Liu, Anyi; Qu, Guangzhi

doi:10.1007/978-3-030-03026-1_9

Cited by 1 publication

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast to our prior work [31], which proposed a preliminary framework that describes the functionalities of key components with limited technical details, we extend it with comprehensive coverage, more technical details, and security analysis in this paper. The remainder of the paper is organized as follows.…”

Section: Introductionmentioning

confidence: 99%

Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log

Liu¹,

Haidar²,

Cheng³

et al. 2019

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is di cult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-speci ed model, the model is susceptible to various exploits. In this paper, we present VERDICT, a system that ampli es the capability of the existing cloud audit services and allows users to check the state of a cloud job through the con dential model and audit log. VERDICT extracts the model from an application and keeps it in the encrypted form. The encrypted model is partitioned and updated with homomorphic encryption cipher in multiple sandboxes. The state of a delegated job can be checked by cloud users at any time. We implement VERDICT and deploy it in the VMs and containers on popular cloud platforms. Our evaluation shows that VERDICT is capable of reporting the state of a cloud job at run time, keeping the model con dential, and detecting malicious operations.

show abstract

Section: Introductionmentioning

confidence: 99%