
How can I run my top secret code and data on any cloud hosting provider such that everyone, even the hosting vendor with root, is denied access? ... a research proposal

What is the current state of either userspace or OS architecture such that only processes running with a one-time expiring key can gain access to OS-managed resources (memory/networking/CPU)? It is not that data structures managed by the OS are all encrypted, rather that they appear encrypted to non-key-holders. Users running under root also must have such a key. Basically, remove the notion of root with its unlimited powers. How far along has any project gotten so far towards providing this goal?

It does not go unnoticed that, to solve the issue of an underlying hypervisor-like OS having access to my computation, I could scatter my code and data across multiple cloud providers and reconstitute downstream on my own local client such that no single cloud OS can gain any semantics.

Perhaps the userspace application level is better suited than the OS to implement this scatter-then-gather distributed encrypted chunking of compute and data.

... the analogy would be a biological organism whose cells function in tiny dispersed bodies where the entire organism only coalesces after the state of each cell is reported back to my secure client running locally ... sure, this is computationally inefficient; however, I am willing to pay this price for ultimate privacy ... any security less than this is a joke since I cannot prove that the powers that be in today's cloud compute environments do not have their fingers in the pie

Scott Stensland
    I have the feeling that you have a specific attack or threat model in mind but don't tell us anything about it. Instead you only provide a concept how you yourself would deal with this threat and then ask if somebody has already implemented such a thing. I think it might be more helpful if you provide the actual threat model and why do you think that your approach is the best way to deal with this threat. Maybe others come up with better and maybe even existing approaches to this threat. See also [XY problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). – Steffen Ullrich Mar 23 '18 at 14:19
  • "What is the current state of..." -> I've never heard of anyone working on this particular solution. SELinux can dramatically limit the powers of root. Also, if your code is running on a hypervisor (Xen, KVM, VMware, etc.), then the host OS (which you have no control of) has access to all the resources of your VM. The closest solution I'm aware of is being able to run code under Intel SGX or ARM TrustZone. (Where the OS can't see the state of your running process.) – David Mar 23 '18 at 14:54
  • you describe a webapp with e2e; a thick trusted client and a dumb server – dandavis Mar 28 '18 at 06:16
  • This question is unanswerable until you take the time to actually understand what it is you're trying to do to a level where you can give strong definitions for your terms. As it stands, it sounds like you came up with what you think is a cool idea, but have no idea what the consequences of that idea are or what goals are satisfied by implementing that idea—in other words, a solution looking for a problem. – Stephen Touset Mar 29 '18 at 19:36

1 Answer


Hyper-V has shielded VMs, which addresses some of your concerns. https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms

However, the ultimate answer is “no there is nothing you can do”. One of the fundamental laws of computer security is that if an attacker (in this case the cloud provider) has unlimited physical access to a computer, they can compromise the security of that computer.

myron-semack