dc.contributor.advisor | Brenna, Lars | |
dc.contributor.advisor | Gjerdrum, Anders | |
dc.contributor.advisor | Johansen, Håvard | |
dc.contributor.author | Hoff, Helge | |
dc.date.accessioned | 2018-07-02T12:37:43Z | |
dc.date.available | 2018-07-02T12:37:43Z | |
dc.date.issued | 2018-06-01 | |
dc.description.abstract | Caching services are vital for the performance of large-scale web services
running in the cloud. However, placing sensitive data in caching services,
implicitly includes all components of the cloud infrastructure that can be
exploited. Therefore, end-users place their trust in the entire security stack
of their service providers. In order to achieve confidentiality and integrity
of sensitive data residing in cache services, the cloud infrastructure must be
removed from the set of trusted components. This has led to a wide adoption
of hardware-assisted Trusted Execution Environments (TEEs), protecting user-level
software from higher-privileged system software.
The capabilities of TEEs do not support running legacy applications out-of-the-box.
Many prominent frameworks for tees have been developed to achieve
applicability through providing common programming abstractions. However,
these frameworks focus on providing native Linux services for tees, which
increases the probability for a trusted software component to be exploited.
Diggi is one such framework, utilizing Intel’s Software Guard Extension (SGX)
trusted computing infrastructure to provide secure execution. Diggi differs from
other framework for tees by implementing simplified abstraction for creating
distributed cloud applications. Moreover, by employing logically separated
tasks split into multiple units of application code, Diggi allows moving parts of
the application code and data into a tee, like, for instance, a caching service.
This allows to drastically reduce the set of trusted components in a system, and
only include the parts that require strong security guarantees.
This thesis describes the introduction of a modified memcached implementation,
called SecureCached, to the Diggi framework. We demonstrate the
feasibility of having a distributed cache deployed in a trusted execution environment. | en_US |
dc.identifier.uri | https://hdl.handle.net/10037/13116 | |
dc.language.iso | eng | en_US |
dc.publisher | UiT Norges arktiske universitet | en_US |
dc.publisher | UiT The Arctic University of Norway | en_US |
dc.rights.accessRights | openAccess | en_US |
dc.rights.holder | Copyright 2018 The Author(s) | |
dc.rights.uri | https://creativecommons.org/licenses/by-nc-sa/3.0 | en_US |
dc.rights | Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) | en_US |
dc.subject.courseID | INF-3981 | |
dc.subject | VDP::Teknologi: 500::Informasjons- og kommunikasjonsteknologi: 550::Datateknologi: 551 | en_US |
dc.subject | VDP::Technology: 500::Information and communication technology: 550::Computer technology: 551 | en_US |
dc.title | SecureCached. Secure caching with the Diggi framework. | en_US |
dc.type | Master thesis | en_US |
dc.type | Mastergradsoppgave | en_US |