Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems
Title | Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems |
Publication Type | Conference Paper |
Year of Publication | 2012 |
Authors | Martignoni, L., Poosankam P., Zaharia M., Han J., McCamant S., Song D., Paxson V., Perrig A., Shenker S. J., & Stoica I. |
Page(s) | 165-176 |
Other Numbers | 3353 |
Abstract | Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month. |
Acknowledgment | Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders. |
URL | http://www.icsi.berkeley.edu/pubs/networking/ICSI_cloudterminalsecure12.pdf |
Bibliographic Notes | Proceedings of the USENIX Annual Technical Conference (ATC), pp. 165-176, Boston, MA |
Abbreviated Authors | L. Martignoni, P. Poosankam, M. Zaharia, J. Han, S. McCamant, D. Song, V. Paxson, A. Perrig, S. Shenker, and I. Stoica |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |