Computer Science Thesis Proposal

Wednesday, December 9, 2015 - 11:30am


Traffic 21 Classroom 6501 Gates & Hillman Centers



For More Information, Contact:

Service outsourcing has been particularly incentivized by the Cloud Computing model. On the one side, clients can benefit from the significantly lower costs for using computational and network resources. On the other side, however, clients do not own the computational infrastructure, which therefore falls out of their trust domain. Consequently, when somebody other than the client performs the work, it is legitimate to question the correctness and trustworthiness of the service provider. The fundamental problem is how to enable the service owner, or a client, to get the benefits of using remote untrusted platforms, while still being able to check the correctness of the delivered results. Recently, lots of research effort has focused on finding solutions that leverage a small and cheap piece of trusted hardware installed inside the remote untrusted platform. However, the secure, efficient and hardware independent execution of real-world services remains an unmet challenge. In this thesis we propose practical and general protocols based on a hardware root of trust for securing large-scale outsourced services. We target (i) large real-world code bases (e.g., databases, data analytics services) that possibly operate over (ii) a large amount of data. Our objective is building security protocols that deliver correctness guarantees at a reasonable cost. In addition, we spend some effort to make our contributions (iii) oblivious to the underlying trusted component, so that they can be general and applicable to different security architectures. We propose three contributions towards this objective. First, we devise new secure code execution and verification protocols that address (i) and (iii). The key idea is to separate the concepts of executed code identity and verified code identity. Instead of checking what has been exactly executed, we let the client verify just a small part of the code, which is cryptographically bound through our protocols to the remaining code in the correct execution flow of the requested service. Such a robust chain enables the client to establish the correctness of the executed service, while providing the remote server with the flexibility of executing only the code that is necessary to serve a request. Additionally, our protocols are based on an abstract trusted component that can retrofit existing ones. Second, we propose a state management protocol to address (iii). The key idea is using virtual memory management and efficient authenticated data structures. This gives the client integrity guarantees about the (server-side) local state, and it gives the server the flexibility to load it block-wise and on-demand. We discuss how the technique could be applied to (i) and discuss its impact on (iii). Third, we present the Secure and Verifiable Passive Replication model that leverages trustworthy code executions to deliver the security guarantees of Active Replication and the efficiency of Passive Replication. We build a novel replicated system that is robust against software attacks, avoids redundant computations, and natively supports non-deterministic operations. We discuss how our other contributions impact the practicality and generality of such an efficient fault-tolerant system. Thesis Committee: Peter Steenkiste (Co-Chair) Nuno Neves (Co-Chair/University of Lisbon, Portugal) Anupam Datta Vyas Sekar Antonia Lopes (University of Lisbon, Portugal) Copy of Thesis Summary


Thesis Proposal