Publications

Refine Results

(Filters Applied) Clear All

By

Supporting security sensitive tenants in a bare-metal cloud

July 10, 2019
  |
Conference Paper
Author:
Amin Mosayyebzadeh
Published in:
2019 USENIX Annual Technical Conf., 10-12 July 2019.
Topic:
cyber security
R&D area:
R&D group:

Summary

Bolted is a new architecture for bare-metal clouds that enables tenants to control tradeoffs between security, price, and performance. Security-sensitive tenants can minimize their trust in the public cloud provider and achieve similar levels of security and control that they can obtain in their own private data centers. At the same time, Bolted neither imposes overhead on tenants that are security insensitive nor compromises the flexibility or operational efficiency of the provider. Our prototype exploits a novel provisioning system and specialized firmware to enable elasticity similar to virtualized clouds. Experimentally we quantify the cost of different levels of security for a variety of workloads and demonstrate the value of giving control to the tenant.
READ LESS

Summary

Bolted is a new architecture for bare-metal clouds that enables tenants to control tradeoffs between security, price, and performance. Security-sensitive tenants can minimize their trust in the public cloud provider and achieve similar levels of security and control that they can obtain in their own private data centers. At the...

READ MORE
Supporting security sensitive tenants in a bare-metal cloud

Curator: provenance management for modern distributed systems

July 11, 2018
  |
Journal Article
Author:
Warren W. Smith
Published in:
10th Intl. Workshop on Theory and Practice of Provenance, TaPP, 11-12 July 2018.
Topic:
resilient systems
R&D area:
R&D group:

Summary

Data provenance is a valuable tool for protecting and troubleshooting distributed systems. Careful design of the provenance components reduces the impact on the design, implementation, and operation of the distributed system. In this paper, we present Curator, a provenance management toolkit that can be easily integrated with microservice-based systems and other modern distributed systems. This paper describes the design of Curator and discusses how we have used Curator to add provenance to distributed systems. We find that our approach results in no changes to the design of these distributed systems and minimal additional code and dependencies to manage. In addition, Curator uses the same scalable infrastructure as the distributed system and can therefore scale with the distributed system.
READ LESS

Summary

Data provenance is a valuable tool for protecting and troubleshooting distributed systems. Careful design of the provenance components reduces the impact on the design, implementation, and operation of the distributed system. In this paper, we present Curator, a provenance management toolkit that can be easily integrated with microservice-based systems and...

READ MORE
Curator: provenance management for modern distributed systems

A secure cloud with minimal provider trust

July 9, 2018
  |
Conference Paper
Author:
Amin Mosayyebzadeh
Published in:
10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud, 9 July 2018.
Topic:
computing
R&D area:
R&D group:

Summary

Bolted is a new architecture for a bare metal cloud with the goal of providing security-sensitive customers of a cloud the same level of security and control that they can obtain in their own private data centers. It allows tenants to elastically allocate secure resources within a cloud while being protected from other previous, current, and future tenants of the cloud. The provisioning of a new server to a tenant isolates a bare metal server, only allowing it to communicate with other tenant's servers once its critical firmware and software have been attested to the tenant. Tenants, rather than the provider, control the tradeoffs between security, price, and performance. A prototype demonstrates scalable end-to-end security with small overhead compared to a less secure alternative.
READ LESS

Summary

Bolted is a new architecture for a bare metal cloud with the goal of providing security-sensitive customers of a cloud the same level of security and control that they can obtain in their own private data centers. It allows tenants to elastically allocate secure resources within a cloud while being...

READ MORE
A secure cloud with minimal provider trust
1-3 of 3