Cloud terminal: Secure access to sensitive applications from untrusted systems

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, Ion Stoica

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations


Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.

Original languageEnglish (US)
Title of host publicationProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
PublisherUSENIX Association
Number of pages12
ISBN (Electronic)9781931971935
StatePublished - 2019
Event2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States
Duration: Jun 13 2012Jun 15 2012

Publication series

NameProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012


Conference2012 USENIX Annual Technical Conference, USENIX ATC 2012
Country/TerritoryUnited States

Bibliographical note

Funding Information:
Our shepherd Jon Howell suggested a change to the verification protocol to reduce assumptions about the phone system. The work described here has been supported by the NSF under awards CCF-0424422, 0842695, 0831501, and CNS-0831535, the AFOSR under MURI awards FA9550-08-1-0352 and FA9550-09-1-0539, Intel through the ISTC for Secure Computing, a Google PhD fellowship, and the NSERC (Canada). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders.

Publisher Copyright:
© 2012 by The USENIX Association. All Rights Reserved


Dive into the research topics of 'Cloud terminal: Secure access to sensitive applications from untrusted systems'. Together they form a unique fingerprint.

Cite this