Cloud computing is a service model that enables users (or tenants) to get on-demand network access to a large shared pool of computing resources ("the cloud"). It encompasses the vision of providing computing as a utility. Existing cloud infrastructures are prone to security risks, due to many different types of failures (e.g., hardware failures, software bugs, power outages, server mis-configuration) that easily unfold at such large scale. RSA Labs has developed new cryptographic protocols with the goal of mitigating the inherent risks of using cloud computing.
Cloud Storage Security
RSA Labs has developed an efficient and lightweight remote auditing framework which allows users to measure the security of their cloud-based resources. Our framework provides more visibility to tenants about handling of their outsourced data and aids in ensuring compliance with regulations. Specifically, we have developed protocols which allow users to verify that their data is:
- Retrievable in its original form - Proofs of Retrievability
- Resilient to hardware failure - Remote Assessments of Fault Tolerance
- Encrypted when at rest - Hourglass
Cloud Storage Reliability
Existing cloud services have experienced many episodes of temporary unavailability and even spectacular cases of customer data loss. The system designed by RSA Labs entitled HAIL offers a new approach to building reliable, highly available and cost-effective cloud storage architectures resilient against potentially adversarial cloud failures.
Cloud Computing Security
Sharing of physical resources among different tenants may enable attackers to exfiltrate sensitive data from co-resident tenants (Ristenpart et al., 2009). RSA labs recently showed how Cross-VM side-channels attacks can be performed to extract private keys from other virtual machines. To protect highly sensitive workloads, cloud providers offer the option of running them physically isolated (in a virtual private cloud). RSA labs has developed a protocol, HomeAlone, that enables users to remotely verify that such isolation policies are implemented correctly by the cloud provider.