Annual Computer Security Applications Conference (ACSAC) 2013


MyCloud-Supporting User-Configured Privacy Protection in Cloud Computing

Privacy concerns remain one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than necessary, which leaves cloud users no options for protecting their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all users’ privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising, but it does not offer practical performance at the current stage.
Instead of cryptographic solutions, in this paper we propose a new cloud architecture, MyCloud, to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor’s root mode and keeps only security- and performance-crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users’ memory through the control virtual machine. Second, MyCloud enables user-configured privacy protection. Third, the reduced TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system on the x86 platform, and the prototype has 5.8K LOCs. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.

Author(s):

Min Li    
Virginia Commonwealth University
United States

Wanyu Zang    
Virginia Commonwealth University
United States

Kun Bai    
IBM T.J. Watson Research Center
United States

Meng Yu    
Virginia Commonwealth University
United States

Peng Liu    
Pennsylvania State University
United States

 
