

By Richard Chirgwin, 19th May 2015 01:15

Redmond promises even MORE cloudy crypto

Even the cloud provider can't see what you're doing

Get ready for the spooks to howl: Microsoft Research has developed another layer of security to lock up customer data in the cloud.

What the Redmond boffins dub “VC3” – Verifiable Confidential Cloud Computing – takes advantage of Intel's SGX instruction set to create a “lockbox” for customers running MapReduce computations in the cloud. It runs on unmodified Hadoop.

As the paper describing the work explains, the aim is to “keep Hadoop, the operating system, and the hypervisor out of the TCB” (trusted computing base).

That means the customer's confidentiality and integrity are preserved, “even if these large components are compromised”.

As this Microsoft post explains:

“Let’s say a financial services company wants to access a number of clients’ personal financial records to make a complex series of calculations in the cloud. That data is stored in a sort of lockbox that can be accessed only within secure hardware managed by VC3.

“To make the calculations, the client’s data is loaded into the secure hardware in the cloud, where the data is decrypted, processed and re-encrypted. No one else – including the people who work at the company running the cloud-based service – can see or access the data.”

Neither the data the customer is analysing nor the code they're using to analyse it is visible, even to a bad actor in the cloud company or someone who'd hacked into the provider's systems.

The researchers who created VC3, led by Felix Schuster of Microsoft Research and the Ruhr-Universität Bochum in Germany, also reckon it runs without denting performance. “VC3’s average runtime overhead is negligible for its base security guarantees, 4.5 per cent with write integrity and 8 per cent with read/write integrity”, they claim.

The research was presented at the IEEE's Symposium on Security and Privacy in San Jose, California. ®
