| This is the goal of CloudProxy: http://www.eecs.berkeley.edu/Pubs/TechRpts/2013/EECS-2013-13... which is open source: https://github.com/jlmucb/cloudproxy

It relies on TPMs (trusted platform modules, a hardware root of trust). What confused me about the naming is that CloudProxy is an OS, not a proxy server. It's a distributed OS that provides attestation of the identity of remote code. To do this you need secure boot and key management.

If anyone dives further into it, let me know :) I'm curious how deployable it is from the GitHub repo. I guess you can run it on Linux, but I'm not sure how the kernel is involved in the chain of trust. I would have thought you needed your own OS.

The CloudProxy Tao (henceforth, “the Tao”) is a recipe for creating secure, distributed, cloud-based services by
combining ingredients that are already available in many cloud data centers. The Tao is realized as an interface that
can be implemented at any layer of a system. CloudProxy implements multiple layers of the Tao and provides means
for

- protecting the confidentiality and integrity of information stored or transmitted by some hosted program,
- establishing that the code executed as a hosted program in a cloud is the expected code and is being run in the expected environment, and
- authenticating requests to the hosted program to check that they come from a client executing some expected program in an expected environment, either remotely or locally in the cloud.

CloudProxy is the first implemented, fully fleshed-out system providing these properties along with key management
and an appropriate trust model for all principals. |