Science & Enterprise subscription

Follow us on Twitter

  • Four pharmaceutical companies are signing on to an initiative that promises to make clinical trials friendlier to p… https://t.co/VNbOdOc8i5
    about 5 hours ago
  • New post on Science and Enterprise: Pharmas Join Digital Clinical Trial Project https://t.co/FkhSAEntxd #Science #Business
    about 5 hours ago
  • A robot device is being developed that can fly through the air and drive along the ground with a single motor, and… https://t.co/hyeUKY5hR0
    about 9 hours ago
  • New post on Science and Enterprise: Flying, Driving Drone Robot Unveiled https://t.co/5aAqW1FhfK #Science #Business
    about 9 hours ago
  • A new enterprise in the U.K. is creating treatments with stem cells to repair damaged nerve cells in the inner ear… https://t.co/y4qOmPcuWK
    about 1 day ago

Please share Science & Enterprise

RSS
Follow by Email
Facebook
Facebook
Google+
Twitter
Visit Us
LinkedIn
INSTAGRAM

Univ., IBM Team Creates Enhanced Cloud Security Technique

Peng Ning (Roger Winstead, North Carolina State University)

Peng Ning (Roger Winstead, North Carolina State University)

Computer scientists from North Carolina State University in Raleigh and IBM have developed a technique to better protect sensitive information in cloud computing, without compromising overall system performance. The research team, led by NC State professor Peng Ning (pictured left), will present its findings later in October at the 18th ACM Conference on Computer and Communications Security in Chicago.

In cloud computing, the computational power and storage of multiple computers is pooled and shared by multiple users. This sharing of computing power is made possible by programs called hypervisors that create the virtual workspace that allows different operating systems to run in isolation from one another.

One concern about cloud computing is the potential vulnerability of a hypervisor that can enable an attacker to steal or corrupt confidential data from other users in the cloud. The NC State/IBM team developed a new approach that isolates sensitive information and workload from the rest of the functions performed by a hypervisor.

Ning and colleagues call the new technique Strongly Isolated Computing Environment (SICE), which introduces a different layer of protection. SICE lets programmers dedicate specific cores on multi-core processors to the sensitive workload, thus allowing the other cores to perform all other functions normally. A core is a single processor on a computer chip, and many computers now use chips that have from two to eight cores.

By isolating the sensitive workload to one or a few cores and allowing other functions to operate separately, SICE can provide more assurance for the sensitive workload and efficient resource sharing in a cloud. Also, the software supporting the technique, called Trusted Computing Base, is about 300 lines of code, which helps further isolate the technique. “Previous techniques have exposed thousands of lines of code to potential attacks,” says Ning. “We have a smaller attack surface to protect.”

In testing, SICE generally took up about three percent of the system’s performance overhead on multi-core processors for workloads that do not require direct network access. “That is a fairly modest price to pay for the enhanced security,” Ning says.

Read more:

*     *     *

Please share Science & Enterprise ...
error

Comments are closed.