Projekt per år
Sammanfattning
This paper addresses the need for secure storage in virtualized services in the cloud. To this purpose, we evaluate the security properties of Intel's Software Guard Extensions (SGX) technology, which provides hardware protection for general applications, for securing virtual Hardware Security Modules (vHSM). In order for the analysis to be comparable with analyses of physical HSMs, the evaluation proceeds from the FIPS 140--3 standard, the successor to FIPS 140--2, which is commonly used to assess security properties of HSMs.
Our contribution is twofold. First, we provide a detailed security evaluation of vHSMs using the FIPS 140–3 standard. Second, after concluding that the standard is designed for stand-alone rather than virtual systems, we propose a supplementary threat model, which considers threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140--3 that should be considered for a specific attacker.
Using FIPS 140--3 in combination with the threat model, we find that SGX enclaves provide sufficient protection against a large part of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.
Our contribution is twofold. First, we provide a detailed security evaluation of vHSMs using the FIPS 140–3 standard. Second, after concluding that the standard is designed for stand-alone rather than virtual systems, we propose a supplementary threat model, which considers threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140--3 that should be considered for a specific attacker.
Using FIPS 140--3 in combination with the threat model, we find that SGX enclaves provide sufficient protection against a large part of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.
Originalspråk | engelska |
---|---|
Titel på värdpublikation | Lecture Notes in Computer Science |
Förlag | Springer Science and Business Media B.V. |
Sidor | 32-47 |
Volym | 12395 |
ISBN (tryckt) | 978-303058985-1 |
DOI | |
Status | Published - 2020 |
Evenemang | 17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus2020 - Bratislava, Slovakien Varaktighet: 2020 sep. 14 → 2020 sep. 17 |
Konferens
Konferens | 17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus2020 |
---|---|
Land/Territorium | Slovakien |
Ort | Bratislava |
Period | 2020/09/14 → 2020/09/17 |
Ämnesklassifikation (UKÄ)
- Kommunikationssystem
- Annan data- och informationsvetenskap
Fingeravtryck
Utforska forskningsämnen för ”On the Suitability of Using SGX for Secure Key Storage in the Cloud”. Tillsammans bildar de ett unikt fingeravtryck.-
Side channels on software implementations of post-quantum cryptographic algorithms
Nilsson, A., Johansson, T. & Stankovski Wagner, P.
2017/09/01 → …
Projekt: Avhandling
-
SMARTY: Säkra mjukvaruuppdateringar för den smarta staden
Hell, M., Magnusson, B., Gehrmann, C., Paladi, N., Karlsson, L., Sönnerup, J., Johnsson, B. A., Hedin, G., Nordahl, M., Pagnin, E., Kundu, R. & Åkesson, A.
Stiftelsen för Strategisk Forskning, SSF
2018/03/01 → 2023/02/28
Projekt: Forskning