Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

TitleCloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems
Publication TypeConference Paper
Year of Publication2012
AuthorsMartignoni, L., Poosankam P., Zaharia M., Han J., McCamant S., Song D., Paxson V., Perrig A., Shenker S. J., & Stoica I.
Other Numbers3353

Current PC- and web-based applications provide insufficientsecurity for the information they access, becausevulnerabilities anywhere in a large client software stackcan compromise confidentiality and integrity. We proposea new architecture for secure applications, CloudTerminal, in which the only software running on the endhost is a lightweight secure thin terminal, and most applicationlogic is in a remote cloud rendering engine. Thesecure thin terminal has a very small TCB (23 KLOC)and no dependence on the untrusted OS, so it can beeasily checked and remotely attested to. The terminal isalso general-purpose: it simply supplies a secure displayand input path to remote software. The cloud renderingengine runs an off-the-shelf application in a restrictedVM hosted by the provider, but resource sharing betweenVMs lets one server support hundreds of users. We implementa secure thin terminal that runs on standard PChardware and provides a responsive interface to applicationslike banking, email, and document editing. We alsoshow that our cloud rendering engine can provide secureonline banking for 5–10 cents per user per month.


Our shepherd Jon Howell suggested a change to the verificationprotocol to reduce assumptions about the phone system.The work described here has been supported by theNSF under awards CCF-0424422, 0842695, 0831501, andCNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for SecureComputing, a Google PhD fellowship, and the NSERC(Canada). Any opinions, findings, and conclusions or recommendationsexpressed in this material are those of the authorsand do not necessarily reflect the views of the funders.

Bibliographic Notes

Proceedings of the USENIX Annual Technical Conference (ATC), pp. 165-176, Boston, MA

Abbreviated Authors

L. Martignoni, P. Poosankam, M. Zaharia, J. Han, S. McCamant, D. Song, V. Paxson, A. Perrig, S. Shenker, and I. Stoica

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings