|
|
|
|
|
|
by sprin
3656 days ago
|
|
|
> it's inevitable to have a trust contract with them, it's pretty much essential to the notion of the cloud. I disagree. It's possible to make good use of public infrastructure without handling any important secrets on public machines. Under certain threat models, you have to assume public infrastructure is vulnerable to coercion of the providers and side-channel attacks from co-tenants. As we are beginning to see, providers have the tools and processes to comply with coercive demands (RAM/disk dumps) and co-tenants can feasibly succeed in obtaining secrets via side-channel attacks. Under models like this, public infrastructure is still useful for storing and routing encrypted information, enabling NAT traversal, and distributing signed material which can be authenticated at the client. |
|
|