Cloud terminal: Secure access to sensitive applications from untrusted systems

Lorenzo Martignoni; Pongsin Poosankam; Matei Zaharia; Jun Han; Stephen McCamant; Dawn Song; Vern Paxson; Adrian Perrig; Scott Shenker; Ion Stoica

Cloud terminal: Secure access to sensitive applications from untrusted systems

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, Ion Stoica

Department of Electrical and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.

Original language	English
Title of host publication	Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
Publisher	USENIX Association
Pages	165-176
Number of pages	12
ISBN (Electronic)	9781931971935
Publication status	Published - 2019
Event	2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States Duration: 2012 Jun 13 → 2012 Jun 15

Publication series

Name	Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

Conference

Conference	2012 USENIX Annual Technical Conference, USENIX ATC 2012
Country/Territory	United States
City	Boston
Period	12/6/13 → 12/6/15

Bibliographical note

Funding Information:
Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders.

Publisher Copyright:
© 2012 by The USENIX Association. All Rights Reserved

All Science Journal Classification (ASJC) codes

Computer Science(all)

Cite this

Martignoni, L., Poosankam, P., Zaharia, M., Han, J., McCamant, S., Song, D., Paxson, V., Perrig, A., Shenker, S., & Stoica, I. (2019). Cloud terminal: Secure access to sensitive applications from untrusted systems. In Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 (pp. 165-176). (Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012). USENIX Association.

@inproceedings{2235f3ea653a4e3d8e912942eec79ed4,

title = "Cloud terminal: Secure access to sensitive applications from untrusted systems",

abstract = "Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.",

author = "Lorenzo Martignoni and Pongsin Poosankam and Matei Zaharia and Jun Han and Stephen McCamant and Dawn Song and Vern Paxson and Adrian Perrig and Scott Shenker and Ion Stoica",

note = "Funding Information: Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders. Publisher Copyright: {\textcopyright} 2012 by The USENIX Association. All Rights Reserved; 2012 USENIX Annual Technical Conference, USENIX ATC 2012 ; Conference date: 13-06-2012 Through 15-06-2012",

year = "2019",

language = "English",

series = "Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012",

publisher = "USENIX Association",

pages = "165--176",

booktitle = "Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012",

}

Martignoni, L, Poosankam, P, Zaharia, M, Han, J, McCamant, S, Song, D, Paxson, V, Perrig, A, Shenker, S & Stoica, I 2019, Cloud terminal: Secure access to sensitive applications from untrusted systems. in Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012. Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012, USENIX Association, pp. 165-176, 2012 USENIX Annual Technical Conference, USENIX ATC 2012, Boston, United States, 12/6/13.

Cloud terminal: Secure access to sensitive applications from untrusted systems. / Martignoni, Lorenzo; Poosankam, Pongsin; Zaharia, Matei et al.
Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012. USENIX Association, 2019. p. 165-176 (Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Cloud terminal

T2 - 2012 USENIX Annual Technical Conference, USENIX ATC 2012

AU - Martignoni, Lorenzo

AU - Poosankam, Pongsin

AU - Zaharia, Matei

AU - Han, Jun

AU - McCamant, Stephen

AU - Song, Dawn

AU - Paxson, Vern

AU - Perrig, Adrian

AU - Shenker, Scott

AU - Stoica, Ion

N1 - Funding Information: Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders. Publisher Copyright: © 2012 by The USENIX Association. All Rights Reserved

PY - 2019

Y1 - 2019

N2 - Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.

AB - Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.

UR - http://www.scopus.com/inward/record.url?scp=85077134302&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85077134302&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85077134302

T3 - Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

SP - 165

EP - 176

BT - Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

PB - USENIX Association

Y2 - 13 June 2012 through 15 June 2012

ER -

Cloud terminal: Secure access to sensitive applications from untrusted systems

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this