Abstract
Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
Publisher | USENIX Association |
Pages | 165-176 |
Number of pages | 12 |
ISBN (Electronic) | 9781931971935 |
State | Published - 2019 |
Externally published | Yes |
Event | 2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States. Duration: Jun 13 2012 → Jun 15 2012 |
Publication series
Name | Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
---|---|
Conference
Conference | 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
---|---|
Country/Territory | United States |
City | Boston |
Period | 6/13/12 → 6/15/12 |
Bibliographical note
Publisher Copyright: © 2012 by The USENIX Association. All Rights Reserved.