Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.
|Original language||English (US)|
|Title of host publication||Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012|
|Number of pages||12|
|State||Published - 2019|
|Event||2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States|
Duration: Jun 13 2012 → Jun 15 2012
|Name||Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012|
|Conference||2012 USENIX Annual Technical Conference, USENIX ATC 2012|
|Period||6/13/12 → 6/15/12|
Bibliographical noteFunding Information:
Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders.
© 2012 by The USENIX Association. All Rights Reserved