Excalibur: Building Trustworthy Cloud Services

Accidental or intentional mismanagement of cloud software by administrators poses a serious threat to the integrity and confidentiality of customer data hosted by cloud services. Trusted computing provides an important foundation for designing cloud services that are more resilient to these threats. However, current trusted computing technology is ill-suited for the cloud as it exposes too many internal details of the cloud infrastructure, hinders fault tolerance and load-balancing flexibility, and performs poorly. We present Excalibur, a system that addresses these limitations. Excalibur enables the design of trustworthy cloud services by providing a new trusted computing abstraction called policy-sealed data. This abstraction enables data to be sealed (i.e., encrypted to a customer-defined policy) such that it can only be unsealed (i.e., decrypted) by nodes whose configurations match the policy. To provide this abstraction, Excalibur uses attribute-based encryption, which reduces the overhead of key management and improves the performance of the distributed protocols that are employed. To demonstrate that Excalibur is practical, we incorporated it in the Eucalyptus open-source cloud platform. Policy-sealed data can provide greater confidence to Eucalyptus customers that data is processed exclusively by nodes that meet their preferences.