Cloud terminal: Secure access to sensitive applications from untrusted systems

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, Ion Stoica

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.

Original languageEnglish (US)
Title of host publicationProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012
PublisherUSENIX Association
Pages165-176
Number of pages12
ISBN (Electronic)9781931971935
StatePublished - 2019
Externally publishedYes
Event2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States
Duration: Jun 13 2012Jun 15 2012

Publication series

NameProceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

Conference

Conference2012 USENIX Annual Technical Conference, USENIX ATC 2012
CountryUnited States
CityBoston
Period6/13/126/15/12

Fingerprint Dive into the research topics of 'Cloud terminal: Secure access to sensitive applications from untrusted systems'. Together they form a unique fingerprint.

  • Cite this

    Martignoni, L., Poosankam, P., Zaharia, M., Han, J., McCamant, S., Song, D., Paxson, V., Perrig, A., Shenker, S., & Stoica, I. (2019). Cloud terminal: Secure access to sensitive applications from untrusted systems. In Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 (pp. 165-176). (Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012). USENIX Association.