Abstract
One way to establish trust in a service is to know what code it is running. However, verified code identity is currently not possible for programs launched on a cloud by another party. We propose an approach to integrate support for code attestation—authenticated statements of code identity—into layered cloud platforms and services. To illustrate, this paper describes TapCon, an attesting container manager that provides source-based attestation and network-based authentication for containers on a trusted cloud platform incorporating new features for code attestation. TapCon allows a third party to verify that an attested container is running specific code bound securely to an identified source repository. We also show how to use attested code identity as a basis for access control. This structure enables new use cases such as joint data mining, in which two data owners agree on a safe analytics program that protects the privacy of their inputs, and then ensure that only the designated program can access their data.
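The abstract describes an attesting container manager issuing authenticated statements of code identity, a verifier checking that an attested container is bound to an identified source repository, and data owners using that identity for access control. The following is an added illustration of that structure, not code from the paper or from TapCon, and its statement format, field names and key handling are assumptions made for the example: the platform signs a JSON statement binding a container to an image digest and a repository commit, and each data owner's policy names the repository and commit of the analytics program they agreed on. HMAC-SHA256 with a key shared between platform and verifier stands in for the platform's signature scheme so that the example runs on the standard library alone; a deployed system would use an asymmetric platform signing key so that third parties can verify without being able to forge.

```python
"""Attestation-based access control for containers (added example, not TapCon code).

Assumptions (not from the paper): the container manager emits a JSON statement
{container, image, source{repo, commit}} and authenticates it with a platform key
held by verifiers. HMAC-SHA256 is a stand-in for a platform signature.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed keys for the example: the platform's attestation key and a key
# an attacker might use to forge a statement.
PLATFORM_KEY = b"demo-platform-attestation-key"
ROGUE_KEY = b"demo-rogue-key"


def _canonical(stmt: dict) -> bytes:
    # Deterministic encoding so issuer and verifier authenticate identical bytes.
    return json.dumps(stmt, sort_keys=True, separators=(",", ":")).encode()


def attest(container_id: str, image_digest: str, repo: str, commit: str,
           key: bytes = PLATFORM_KEY) -> dict:
    """Container manager side: emit an authenticated statement of code identity.

    The statement binds the running container to the image it executes and to
    the source repository and commit the manager built that image from.
    """
    stmt = {
        "container": container_id,
        "image": image_digest,
        "source": {"repo": repo, "commit": commit},
    }
    tag = hmac.new(key, _canonical(stmt), hashlib.sha256).hexdigest()
    return {"statement": stmt, "tag": tag}


def verify(att: dict, key: bytes = PLATFORM_KEY) -> Optional[dict]:
    """Verifier side: return the statement only if the platform's tag checks out."""
    expected = hmac.new(key, _canonical(att["statement"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, att["tag"]):
        return None
    return att["statement"]


def authorize(att: dict, policies: dict) -> dict:
    """Evaluate every data owner's policy against the attested code identity.

    policies maps owner -> {"repo": ..., "commit": ...}. Access to the joint
    computation is granted only when every owner's policy matches the attested
    source identity; an unverifiable attestation is rejected before any policy
    is consulted.
    """
    stmt = verify(att)
    if stmt is None:
        return {"granted": False, "reason": "attestation not issued by platform"}
    src = stmt["source"]
    denied = [owner for owner, pol in policies.items()
              if (pol["repo"], pol["commit"]) != (src["repo"], src["commit"])]
    if denied:
        return {"granted": False,
                "reason": "policy mismatch for " + ", ".join(sorted(denied))}
    return {"granted": True,
            "reason": f"all owners accept {src['repo']}@{src['commit']}"}


# Constructed scenario: two data owners agreed on one analytics program.
AGREED = {"repo": "https://example.org/analytics.git", "commit": "0123abcd"}
POLICIES = {"alice": AGREED, "bob": AGREED}


def demo() -> dict:
    """Three containers: the agreed program, a different commit, a forged statement."""
    good = attest("c-1", "sha256:aaaa", AGREED["repo"], AGREED["commit"])
    wrong_commit = attest("c-2", "sha256:bbbb", AGREED["repo"], "ffff9999")
    forged = attest("c-3", "sha256:aaaa", AGREED["repo"], AGREED["commit"], key=ROGUE_KEY)
    return {name: authorize(a, POLICIES)["granted"]
            for name, a in [("good", good), ("wrong_commit", wrong_commit), ("forged", forged)]}


if __name__ == "__main__":
    print(demo())
```

Only the container whose attested source matches both owners' policies is granted access; the container built from another commit fails the policy check, and the statement authenticated with the wrong key is rejected before any policy is consulted. The point the abstract makes is that the decision keys on attested code identity rather than on who launched the container.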
| Original language | English |
|---|---|
| State | Published - 2017 |
| Externally published | Yes |
| Event | 9th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2017, Santa Clara, United States, 10 Jul 2017 → 11 Jul 2017 |
Conference
| Conference | 9th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2017 |
|---|---|
| Country/Territory | United States |
| City | Santa Clara |
| Period | 10/07/17 → 11/07/17 |