Shielding Applications From an Untrusted Cloud With Haven
Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider's staff and its globally distributed software/hardware platform not to expose any of their private data. The authors introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator's OS, VM and firmware). Their prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware.