Secure Computation: Minimizing the Trusted Computing Base
Cloud computing entails a sacrifice of control; users give up configuration and management oversight of the infrastructure that contains their data and computing resources. To make cloud computing more trustworthy we urgently need new security solutions. From financial information to medical records, sensitive data is stored and computed upon in the cloud. Computation requires the data to be exposed to the cloud servers, which may be attacked by malicious applications, hypervisors, operating systems, or by insiders. How can we guarantee efficient secure outsourced computation?
I will briefly explain the development of secure processor architectures in industry and academia – in particular, the impact of the Aegis and Ascend architectures in 2003 and 2012. This teaches us that minimizing the Trusted Computing Base in any architecture or system is a HW/SW/Crypto co-design in which we combine HW isolation, efficient crypto, and small trusted SW kernels. I will briefly explain current work in cloud computing where we use crypto’s “universal composability” to analyze the security of OpenStack, an open source Infrastructure-as-a-Service. Throughout the talk a number of concrete research problems and directions will be presented.
Marten van Dijk is the Charles H. Knapp Associate Professor at the Electrical and Computer Engineering department at the University of Connecticut. He has over 15 years of experience in system security research in both academia (MIT and UConn) and industry (Philips Research and RSA Laboratories). Most notably his work has been recognized by the A. Richard Newton Technical Impact Award in Electronic Design Automation (ACM & IEEE) in 2015, and has received several paper awards. Marten is associate editor of the IEEE Transactions on Computers and the IEEE Transactions on Trusted and Dependable Secure Computing.