Researchers at Microsoft have developed a new approach to keep critical data and applications secure in the cloud. They’re calling it “Haven,” Tech World reports.
Haven works by cordoning off an application and its data in memory, out of reach of the underlying infrastructure. It employs a technique the researchers call "shielded execution," which protects the confidentiality and integrity of the program and its data from the platform on which they run, including the cloud provider's operating system, hypervisor, administrative software, firmware and any other software supporting the application. The only things the application has to trust are the processor itself and the code running inside its own protected region; the host can still deny service or observe side channels such as memory-access timing, which the researchers note is outside Haven's scope.
Haven also goes further than existing techniques, which required applications to be rewritten for a protected environment or required trusting a hypervisor. It runs on a commodity operating system and works with unmodified legacy applications, say Microsoft researchers Andrew Baumann, Marcus Peinado and Galen Hunt, who presented the approach at the USENIX Symposium on Operating Systems Design and Implementation (OSDI '14) in Broomfield, in the US state of Colorado, last week.
The approach builds on two new technologies: Intel's Software Guard Extensions (SGX), a set of CPU instructions for setting aside private, hardware-protected areas of memory called enclaves that even privileged software cannot read or modify, and Microsoft's own Drawbridge technology, an experimental library operating system that runs an application in a lightweight, sandboxed process with a narrow interface to the host. Haven places the application together with the Drawbridge library OS inside an SGX enclave, so that the host and the enclave are mutually distrusting: the host is sandboxed from the application as well as the other way round. Rooting the protection in the processor rather than in the provider's software has met with approval from other security professionals.
The added protection should help increase cloud adoption, say the researchers, by making enterprises more comfortable moving mission-critical data and applications to a cloud provider they do not have to fully trust.