Client-Controlled Cryptography-as-a-Service in the Cloud
A serious concern in cloud computing today is protecting clients' data and computations against various attacks from outsiders as well as against the cloud provider itself. Moreover, cloud clients are rather limited in implementing, deploying and controlling their own security solutions in the cloud. The provider theoretically has access to keys stored in dormant images, and deploying keys during run-time is infeasible because authenticating running VM instances is not possible. In this paper, the authors present a security architecture for establishing secure client-controlled Cryptography-as-a-Service (CaaS) in the cloud: their CaaS enables clients to be in control of the provisioning and usage of their credentials and cryptographic primitives.