TClouds is proud to publish a collection of 15 fact sheets containing high-level descriptions of technology components, prototypes, and use cases developed within the TClouds project. These fact sheets explain the advantages of TClouds technology in an easily accessible way.
Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing's problems—data breaches, leaks, service outages—don't obscure its virtues, IEEE Spektrum, December 2011, pp 28-51.
Read it online at
The paper "TwinClouds - Secure Cloud Computing with Low Latency" has been accepted to the Communications and Multimedia Security (CMS'11) conference. The authors are Sven Bugiel, Stefan Nürnberger, Ahmad-Reza Sadeghi and Thomas Schneider.
Abstract: Cloud computing promises a cost effective enabling technology to outsource storage and massively parallel computations. However, existing approaches for provably secure outsourcing of data and arbitrary computations are either based on tamper-proof hardware or fully homomorphic encryption. The former approaches are not scaleable, while the latter ones are currently not efficient enough to be used in practice.
We propose an architecture and protocols that accumulate slow secure computations over time and provide the possibility to query them in parallel on demand by leveraging the benefits of cloud computing. In our approach, the user communicates with a resource-constrained Trusted Cloud (either a private cloud or built from multiple secure hardware modules) which encrypts algorithms and data to be stored and later on queried in the powerful but untrusted Commodity Cloud. We split our protocols such that the Trusted Cloud performs security-critical pre-computations in the setup phase, while the Commodity Cloud computes the time-critical query in parallel under encryption in the query phase.
A paper from the TClouds Team has been accepted at ESORICS 2011:
Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European research event in Computer Security (ESORICS 2011)
You can download the Submission Version (PDF)
Abstract The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly con figuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support. We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information ow analysis based on graph traversal. The system discovers the actual con figurations of diverse virtualization environments and uni fies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system e ffectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components' information flow.