Trusting Your Cloud Provider. Protecting Private Virtual Machines. presented at DeepSec 2014

by Armin Simma,

Summary : SECRETS: My talk is first and foremost about secrets.
Most people refer to data at rest or data in motion by the term "secrets". When we talk about secrets usually we mean data at rest or data in motion. There are effective measures to protect these data, one of which is encryption. As you write in CfP 2013: "..uses encryption, access control…". Concerning (IaaS-)clouds we have data IN EXECUTION. That is, the virtual image / virtual machine (VM) sent to the cloud provider is the secret to be protected. The problem is: this secret must execute on someone else's system. Of course, we cannot simply encrypt the VM and send it to the provider. Homomorphic encryption would be a solution to this problem but at the time of writing it is academic i.e. it is not ready (and secure enough) to be used in real systems. In my talk (and our project) I want to show that it is possible to protect secrets (VM of the cloud customer) running on the providers host system using Trusted Computing technology.
FAILURES: Root users (superusers) usually have full control over and full access to a system. In our case the root user at the cloud providers site has full access to the provider's host system. Thus he has full access to the guest image (i.e. the VM of the customer). What if root is doing wrong or malicious action? He could gain insight or manipulate the guest image. Here is potential failure. In my talk I want to show how to keep root users from failures.
VISIONS: In our project we were building a prototype to show that it is possible to build the proposed system. But the technical system is not enough. We need an "ecosystem" to bring our idea to real life. This is my vision: We have a trusted third party (I call it TTT trusted third tester) that vouches for a trustworthy (in that case thoroughly tested) system and publishes reference hash values to compare with the running system. The cloud customer can use these reference values plus attestation technology to check that a trustworthy system is running on the provider's host. Using so-called sealing technology the VM will be decrypted on the provider's site only if the provider's system matches the reference hashes.