Lars Rasmusson, Mudassar Aslam


Companies that process business critical and secret data are reluctant to use utility and cloud computing for the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing or installing eaves-dropping software on the machine that holds the client’s valuable data. Clients are monitored via machine code probes that are inlined into the clients’ programs at runtime. The system enables the cloud provider to install and remove software probes into the machine code without stopping the client’s program, and it prevents the provider from installing probes not granted by the client.


  1. Bala, V., Duesterwald, E., and Banerjia, S. (2000). Dynamo: a transparent dynamic optimization system. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, PLDI 7800, pages 1-12, New York, NY, USA. ACM.
  2. Baldwin, A., Dalton, C., Shiu, S., Kostienko, K., and Rajpoot, Q. (2009). Providing secure services for a virtual infrastructure. SIGOPS Oper. Syst. Rev., 43:44- 51.
  3. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., and Warfield, A. (2003). Xen and the art of virtualization. SIGOPS Oper. Syst. Rev., 37:164-177.
  4. Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., and Srinivasan, D. (2008). TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev., 42:40-47.
  5. Bruening, D. L. (2004). Efficient, transparent, and comprehensive runtime code manipulation. PhD thesis, Massachusetts Institute of Technology, Cambridge, MA, USA. .
  6. Bungale, P. P. and Luk, C.-K. (2007). PinOS: A programmable framework for whole-system dynamic instrumentation. In Proceedings of the 3rd international conference on Virtual execution environments, VEE 7807, pages 137-147, New York, NY, USA. ACM.
  7. Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., and Zamboni, D. (2009). Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 7809, pages 97-102, New York, NY, USA. ACM.
  8. Constandache, I., Yumerefendi, A., and Chase, J. (2008). Secure control of portable images in a virtual computing utility. In Proceedings of the 1st ACM workshop on Virtual machine security, VMSec 7808, pages 1-8, New York, NY, USA. ACM.
  9. Descher, M., Masser, P., Feilhauer, T., Tjoa, A. M., and Huemer, D. (2009). Retaining data control to the client in infrastructure clouds. Availability, Reliability and Security, International Conference on, 0:9-16.
  10. 09.78.
  11. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., and Boneh, D. (2003). Terra: a virtual machinebased platform for trusted computing. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, SOSP 7803, pages 193-206, New York, NY, USA. ACM.
  12. Kuttikrishnan, D. (2011). Cloud Computing: Slow Adoption Rates, Current Obstacles.
  13. Lattner, C. and Adve, V. (2004). LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the International Symposium on Code Generation and Optimization: Feedback-directed and Runtime Optimization, CGO 7804, pages 75-, Washington, DC, USA. IEEE Computer Society. LifelongOptimizationTR.pdf.
  14. Parno, B. (2008). Bootstrapping trust in a ”trusted” platform. In Proceedings of the 3rd Conference on Hot Topics in Security, pages 9:1- 9:6, Berkeley, CA, USA. USENIX Association. paper s/parno/parno.pdf.
  15. Payne, B. D., Carbone, M., and Lee, W. (2007). Secure and Flexible Monitoring of Virtual Machines. Computer Security Applications Conference, Annual, 0:385-397. 007.10.
  16. Reddi, V. J., Settle, A., Connors, D. A., and Cohn, R. S. (2004). PIN: A Binary Instrumentation Tool for Computer Architecture Research and Education. In Proceedings of the 2004 workshop on Computer Architecture Education: held in conjunction with the 31st International Symposium on Computer Architecture, WCAE 7804, New York, NY, USA. ACM.
  17. Rodero-Merino, L., Vaquero, L. M., Caron, E., Muresan, A., and Desprez, F. (2012). Building safe paas clouds: A survey on security in multitenant software platforms. Computers & Security, 31(1):96 - 108.
  18. Santos, N., Gummadi, K. P., and Rodrigues, R. (2009). Towards Trusted Cloud Computing. In Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, HotCloud'09, Berkeley, CA, USA. USENIX Association. 36.
  19. Trusted Grub (2012). rub.
  20. Van Dijk, M. and Juels, A. (2010). On the impossibility of cryptography alone for privacy-preserving cloud computing. In Proceedings of the 5th USENIX conference on Hot topics in security, HotSec'10, pages 1-8, Berkeley, CA, USA. USENIX Association. pape rs/vanDijk.pdf.
  21. Vaquero, L. M., Rodero-Merino, L., and Morn, D. (2011). Locking the sky: a survey on IaaS cloud security. Computing, 91:93-118.
  22. Wan, M., Moore, R., and Rajasekar, A. (2009). Integration of cloud storage with data grids. Computing. icvci3 mainpaper pub-0910.pdf.

Paper Citation

in Harvard Style

Rasmusson L. and Aslam M. (2012). PROTECTING PRIVATE DATA IN THE CLOUD . In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-05-1, pages 5-12. DOI: 10.5220/0003895800050012

in Bibtex Style

author={Lars Rasmusson and Mudassar Aslam},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
SN - 978-989-8565-05-1
AU - Rasmusson L.
AU - Aslam M.
PY - 2012
SP - 5
EP - 12
DO - 10.5220/0003895800050012