Moving Towards a Non-Hierarchical Security Model presented at AusCERT 2014

by Raoul Strackx

Summary: Cloud services enable corporations to outsource many IT tasks. They guarantee that data is always backed up, that (virtual) servers are hot-swappable in case Internet connectivity or power supply suddenly fails, that (virtual) servers can be added easily when the company grows, etc. Unfortunately, these advantages are overshadowed by recent revelations of widespread government surveillance. Cloud providers may be legally forced to co-operate with government agencies, and the integrity and confidentiality of user data may not be guaranteed.
Recent advances in security architectures are able to mitigate many of these threats. Instead of relying on a large software stack that may be compromised, hardware support for isolation and attestation is provided. Users of cloud services only have to trust their own software modules and the processor they run on. The remaining infrastructure of the cloud providers does not have to be trusted. Given recent announcements by Intel to support such security features in next-generation processors, and given the significant advantages of these features, we expect a widespread application of this security technology in the near future.