Attestation-based Authorization for Stronger Security in the Cloud


Cloud platforms provide authorization systems that govern how tenants and their applications interact with one another and share data on the cloud. We consider how a cloud platform can enable richer access control when requests originate from within the cloud, e.g., from a running software instance controlled by another tenant. It is increasingly useful for these policy checks to consider information about the requesting program, including the software that it runs and its configuration, in order to create a stronger foundation for secure sharing of data in future clouds. This paper describes Latte, a cloud attestation system that provides a richer basis for authorization. It can authorize operations based on the requester's code identity, which includes source code, build environment and runtime configuration, as well as third-party endorsements of trustworthiness. Latte supports the layered environments common in cloud computing, such as Docker containers running within virtual machines, and distributed services such as the Spark data-analytics platform. We integrated Latte with OpenStack, Docker and Spark to demonstrate how Latte can be used to improve security and enable new usage scenarios, such as allowing untrusted parties to compute over private data. Adopting Latte requires few changes to application platforms. The overhead of Latte in most cases is negligible.
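The layered attestation and code-identity-based authorization the abstract describes, as an added illustrative model in Python (this is not Latte's own code; the identity format, the chain layout, the policy fields and all sample values are assumptions):

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

def code_identity(source_hash: str, build_env: dict, runtime_config: dict) -> str:
    """Code identity = SHA-256 over source hash, build environment and
    runtime configuration; canonical JSON so key order is irrelevant."""
    blob = json.dumps({"src": source_hash, "build": build_env,
                       "cfg": runtime_config}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

@dataclass
class Attestation:
    layer: str             # "vm", "container", "spark-job" (constructed labels)
    identity: str          # code identity of this layer
    parent: Optional[str]  # identity of the layer that attested to it

def chain_valid(chain: list, trusted_roots: set) -> bool:
    """Layer 0 must be a trusted platform root; every later layer must
    have been attested by the layer directly beneath it."""
    if not chain or chain[0].parent is not None:
        return False
    if chain[0].identity not in trusted_roots:
        return False
    return all(cur.parent == prev.identity for prev, cur in zip(chain, chain[1:]))

def authorize(chain: list, trusted_roots: set, endorsements: set, policy: dict) -> bool:
    """Grant only if the chain is intact, the leaf identity is allowed by
    the data owner's policy and a trusted endorser vouched for that leaf."""
    if not chain_valid(chain, trusted_roots):
        return False
    leaf = chain[-1].identity
    if leaf not in policy["allowed"]:
        return False
    return (policy["endorser"], leaf) in endorsements

def demo():
    # Constructed sample identities: a Spark job in a container in a VM.
    vm = code_identity("sha256:vm-image-0001", {"builder": "diskimage"}, {"kernel": "5.15"})
    ctr = code_identity("sha256:analytics-src-42", {"base": "python:3.11"}, {"entry": "job.py"})
    job = code_identity("sha256:analytics-src-42", {"spark": "3.5"}, {"mode": "aggregate-only"})
    chain = [Attestation("vm", vm, None), Attestation("container", ctr, vm),
             Attestation("spark-job", job, ctr)]
    policy = {"allowed": {job}, "endorser": "auditor-A"}
    endorsements = {("auditor-A", job)}
    granted = authorize(chain, {vm}, endorsements, policy)
    # Same source, changed runtime config: new identity, so the request is denied.
    job2 = code_identity("sha256:analytics-src-42", {"spark": "3.5"}, {"mode": "raw-export"})
    denied_cfg = authorize(chain[:2] + [Attestation("spark-job", job2, ctr)], {vm}, endorsements, policy)
    # Container not attested by the trusted VM: chain is broken, so denied.
    broken = [chain[0], Attestation("container", ctr, "untrusted"), chain[2]]
    return granted, denied_cfg, authorize(broken, {vm}, endorsements, policy)
```

The third case shows why the whole chain matters: a leaf identity that is itself allowed and endorsed is still refused when a lower layer was not attested by the trusted root.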