Abstract
Current PC- and web-based applications provide insufficient security for the information they access, because vulnerabilities anywhere in a large client software stack can compromise confidentiality and integrity. We propose a new architecture for secure applications, Cloud Terminal, in which the only software running on the end host is a lightweight secure thin terminal, and most application logic is in a remote cloud rendering engine. The secure thin terminal has a very small TCB (23 KLOC) and no dependence on the untrusted OS, so it can be easily checked and remotely attested to. The terminal is also general-purpose: it simply supplies a secure display and input path to remote software. The cloud rendering engine runs an off-the-shelf application in a restricted VM hosted by the provider, but resource sharing between VMs lets one server support hundreds of users. We implement a secure thin terminal that runs on standard PC hardware and provides a responsive interface to applications like banking, email, and document editing. We also show that our cloud rendering engine can provide secure online banking for 5-10 cents per user per month.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
| Publisher | USENIX Association |
| Pages | 165-176 |
| Number of pages | 12 |
| ISBN (Electronic) | 9781931971935 |
| State | Published - 2019 |
| Externally published | Yes |
| Event | 2012 USENIX Annual Technical Conference, USENIX ATC 2012 - Boston, United States Duration: Jun 13 2012 → Jun 15 2012 |
Publication series
| Name | Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
|---|
Conference
| Conference | 2012 USENIX Annual Technical Conference, USENIX ATC 2012 |
|---|---|
| Country/Territory | United States |
| City | Boston |
| Period | 6/13/12 → 6/15/12 |
Bibliographical note
Publisher Copyright:© 2012 by The USENIX Association. All Rights Reserved