Modernizing Authentication — What It Takes to Transform Secure Access
Cloud computing is enjoying more success and greater adoption than it was just a few years ago. The enterprise cloud computing provider space – a market that includes Amazon, Google, Microsoft, IBM, EMC, Rackspace, Box, Dropbox and many, many others – is getting quite crowded indeed.
Yet many companies remain reluctant when it comes to cloud adoption. According to analysts at Enterprise Security Group, SaaS adoption among organizations is at 68 percent, IaaS at 41 percent and PaaS at 35 percent. While these numbers demonstrate significant cloud interest, they also demonstrate significant reticence.
Snowden and Security Fallout
The primary reasons for this reticence are security and control. The Edward Snowden revelations about government agency spying and electronic backdoors only exacerbated these concerns – particularly when it comes to U.S. cloud providers. Industry watchers have predicted that the U.S. cloud industry will lose tens of billions of dollars by the end of next calendar year as a result of the aftermath of the Snowden revelations.
During a panel presentation at the most recent NRS Technology and Communication Compliance Forum in Boston, Edward McNicholas, a partner at Sidley Austin, related a story of one of his firm's foreign financial services clients, whose U.S. cloud provider gave federal law enforcement unfettered access to the client's data for several days without first alerting the client.
"The FBI could be wandering amongst your files for a week and you have no idea," McNicholas cautioned his audience.
Safe Haven for Cloud Data
Security researchers at Microsoft are working to make these kinds of data stewardship-related cloud nightmares a thing of the past. A project known as Haven – the joint product of research teams from Microsoft and Intel – could help solve cloud computing's "trust problem" once and for all.
Haven is based on virtualization technology borrowed from a Microsoft Research prototype called Drawbridge. The Drawbridge technology enables application sandboxing by using a container to securely isolate multiple user programs running on a single machine, without incurring most of the significant resource costs typical of hardware-based VM deployments.
Haven represents a marriage between Drawbridge and nascent technology from Intel called Software Guard Extensions, or SGX for short, that allows security-critical portions of an application to securely run in an encryption-protected "enclave" even if they are running on a compromised platform.
"In contrast to previous protection mechanisms such as process isolation, sandboxing, managed code, etc.[,] which serve to confine an untrusted program and protect the rest of a system from its actions," write the researchers in a paper explaining how Haven can "[shield] applications from an untrusted cloud," the technology Haven employs works by "protecting specific code from the rest of the system, however large or privileged."
Originally designed to keep applications such as password managers and document viewers secure, SGX attracted the interest of Drawbridge researchers, who began to experiment with running Drawbridge on SGX. They realized they could use this marriage of new technology to secure cloud applications – from hackers, from insider threats and from each other. Soon Intel joined the Drawbridge team in modifying these tools with a focus on cloud security in mind.
'Lockbox in the Cloud'
Haven is not the only Microsoft cloud security project relying upon SGX. Last month Microsoft researchers presented a paper at the IEEE Symposium on Security and Privacy in San Jose on what they call Verifiable Confidential Cloud Computing – also known as VC3.
VC3 uses Intel's SGX technology to create what Microsoft calls a "lockbox in the cloud." While VC3 runs on an unmodified version of Hadoop, it leverages SGX to exclude Hadoop itself – and other stack components such as the hypervisor and the operating system – from the trusted computing base (TCB). According to Microsoft researchers, this protects against "a powerful adversary who may control the entire software stack in a cloud provider’s infrastructure."
"The adversary may…record, replay, and modify network packets [or] data after it left the processor[.] Our adversary may in particular access any number of other jobs running on the cloud, thereby accounting for coalitions of users and data center nodes," write the VC3 researchers. "This captures typical attacks on cloud data centers, e.g., an administrator logging into a machine trying to read user data, or an attacker exploiting a vulnerability in the kernel and trying to access user data in memory, in the network, or on disk."
Using inverse isolation technology similar to Haven, VC3 effectively allows cloud customers to use MapReduce to work with and manipulate their cloud-hosted data in such a way that the data and any resulting calculations, projections or other data manipulation remains secure – even from the cloud provider (and any malicious insiders therein) itself.
This works by loading the cloud customer's data onto a secure portion of cloud system hardware – isolated by SGX – where the data can be safely decrypted and processed for customers actively working with the data. The data is encrypted again before being sent back out to where it is usually stored on the cloud when at rest.
In effect, the cloud provider would be unable to compromise its own customers' data, even if it was actively trying to do so – at least through typical methods. The researchers admit that their solution presumes "that the adversary is unable to physically open and manipulate at least those SGX-enabled processor packages that reside in the cloud provider’s data centers."
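As an added illustration (not code from the VC3 paper or from Microsoft), the following Python sketch models the trust split described above: an "enclave" object holds the job key and runs map and reduce on decrypted records, while the "Hadoop" layer only routes sealed blobs it cannot read or silently alter. The toy authenticated encryption (HMAC-derived keystream plus HMAC tag) stands in for the hardware-backed AES-GCM a real deployment would use, the single-reducer shuffle is a simplification, and all names and sample lines are constructed.

```python
import hmac, hashlib, os, json
from collections import defaultdict

# Toy authenticated encryption (constructed; stands in for AES-GCM inside an SGX enclave).
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag. Only this opaque blob leaves the enclave."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; a modified blob is rejected, never processed."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered record rejected by enclave")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Enclave:
    """Models the SGX-isolated map/reduce code: the key never crosses this boundary."""
    def __init__(self, key):
        self._key = key
    def map(self, sealed_line):  # word count mapper: emits sealed (word, 1) pairs
        words = unseal(self._key, sealed_line).decode().split()
        return [seal(self._key, json.dumps([w, 1]).encode()) for w in words]
    def reduce(self, sealed_pairs):  # sums counts, returns one sealed result
        counts = defaultdict(int)
        for blob in sealed_pairs:
            w, c = json.loads(unseal(self._key, blob))
            counts[w] += c
        return seal(self._key, json.dumps(dict(counts)).encode())

def untrusted_hadoop(enclave, sealed_inputs):
    """The framework, hypervisor and OS layer: it schedules and routes blobs but holds no key."""
    intermediate = []
    for blob in sealed_inputs:          # it could copy or reorder these, but not read them
        intermediate.extend(enclave.map(blob))
    return enclave.reduce(intermediate)  # simplification: one reducer partition

def run_word_count(lines, key):
    """Customer side: encrypt before upload, decrypt the sealed result that comes back."""
    sealed = [seal(key, line.encode()) for line in lines]
    return json.loads(unseal(key, untrusted_hadoop(Enclave(key), sealed)))
```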
In any case, Drawbridge is still an unreleased research product, and there is not yet a release date for SGX. Consequently, Haven and VC3 are both still in development.
Still, Haven, VC3 and any other potential SGX-based cloud security solutions that may come down the line offer great promise, standing to revolutionize cloud security – and, in doing so, reinvigorate the cloud market.
"You have to trust the provider to keep the power on and allow you to send packets on the network, but you should not have to trust the provider not to leak or tamper with your data," said Andrew Baumann, a Microsoft researcher working on Haven. "If this kind of hardware becomes more widespread, I very much hope that in the future this will be the default model for the way things work in the cloud."
Joe Stanganelli is a writer, attorney and communications consultant. He is also principal and founding attorney of Beacon Hill Law in Boston. Follow him on Twitter at @JoeStanganelli.