Posted by Rob Knies

The advent of the era of cloud computing is disrupting the IT industry, but one issue continues to impede a headlong rush to the cloud: trust.

That’s the contention of Andrew Baumann (@1andrewb), a Microsoft researcher whose paper Shielding applications from an untrusted cloud with Haven, written with colleagues Marcus Peinado and Galen Hunt (@igalenhunt), has been named a best paper of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2014), being held in Broomfield, Colo., from Oct. 6 to 8.

“One of the biggest impediments to cloud computing is the change in the trust model from on-premises computing,” Baumann explains. “When I store my data on my computer, I know that, with reasonable precaution, I can keep anyone else from accessing that data.

“However, when I store my data in the cloud, I must trust not only the cloud provider, but also the cloud provider’s operations staff and the legal authorities with jurisdiction over the cloud provider’s computers. This creates a huge friction on the movement of data and computing to the cloud.”

In the best-paper-winning publication, Baumann and his colleagues offer a concept they call “shielded execution,” which protects the confidentiality and the integrity of a program, as well as the associated data from the platform on which it runs—the cloud operator’s operating system, administrative software, and firmware.

The researchers’ prototype, named Haven, represents the first system that can achieve shielded execution of unmodified legacy applications on a commodity operating system and commodity hardware.

“With Haven,” Baumann says, “we have shown for the first time that it is possible to store data and perform computation in the cloud with equivalent trust to local computing. Our Haven prototype demonstrates how unmodified applications can run and store data in the cloud with complete security and privacy from the cloud operator, the provider’s operations staff, and legal authorities.”

Two Core Technologies

Haven uses the hardware protection proposed in Intel’s Software Guard Extensions (SGX)—a set of CPU instructions that can be used by applications to isolate code and data securely, enabling protected memory and execution. While previous work has demonstrated how SGX could protect simple computations, the Haven technology addresses the challenges of executing unmodified legacy binaries and protecting them from a malicious host.

“Haven is able to provide shielded execution in the cloud,” Baumann says, “by building on two core technologies: Drawbridge, a new kind of virtual-machine container from Microsoft Research, and SGX, a proposal from Intel to protect against malicious privileged code.”

To produce Haven, Baumann’s team worked with the SGX research team at Intel Labs, including Matthew Hoekstra, Simon Johnson, Rebekah Leslie-Hurd, Frank McKeen, Carlos Rozas, and Krystof Zmudzinski. The Intel team provided the Microsoft researchers with an SGX emulator and reviewed a number of possible options for enhancements to the SGX architecture to enable uses such as Haven. Based, in part, on discoveries made by the Microsoft researchers during prototyping, Intel is producing a revised SGX specification.

“With Haven,” Baumann says, “we have demonstrated how to combine Drawbridge with SGX to provide shielding of arbitrary Windows Server applications, the kind of applications that run in the Azure cloud now, without any modification of the application code.”

For Mark Russinovich, chief technical officer for Microsoft Azure, those words are music to his ears.

“The implications of this technology on public clouds could be far-reaching,” he says, “with multiple use cases that will allow customers to take advantage of the agility, scale, and cost savings the cloud provides, while gaining unprecedented security in the processing and storage of their most sensitive data.”

The Haven paper is just one of eight papers from Microsoft Research being presented during OSDI, the premier forum for academics and industrial researchers to discuss the design, implementation, and implications of systems software.

Included on that list is Project Adam: Building an Efficient and Scalable Deep Learning Training System, written by Trishul Chilimbi, Yutaka Suzue, Johnson Apacible, and Karthik Kalyanaraman. Project Adam, which was publicly announced July 14 during Microsoft Research’s annual Faculty Summit, garnered a wealth of attention for its demonstration of the ability of large-scale, commodity distributed systems to train huge deep neural networks effectively, in this instance by identifying the precise breeds of individual dogs.

Other OSDI 2014 papers from Microsoft Research: