Extending its "lockbox" approach to securing data on the cloud, Microsoft's research arm today announced a new technology dubbed Verifiable Confidential Cloud Computing, or VC3.
Last year, the Redmond, Wash.-based software giant announced a new process for safeguarding cloud data called a lockbox. Encompassing a set of technologies, along with strict policies and IT practices at the company's cloud data centers, the approach essentially places customers in complete control of their data and requires that they issue their approval before even Microsoft's own administrators can access protected information.
Now, Microsoft is using a similar strategy to protect cloud workloads.
"This new technology, called VC3, uses enhanced security measures to make sure that your data is locked in a special lockbox, even when you are accessing it, to make calculations or other transactions," stated Allison Linn, a Microsoft Research writer, in a May 18 announcement. "The technology ensures that even the employees of the company hosting you in the cloud have no way of accessing or manipulating your data."
In an abstract of a paper presented during this week's IEEE Symposium on Security and Privacy in San Jose, Calif., Microsoft's researchers stated that VC3 is "the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results." MapReduce is a popular framework used to harness the power of several servers to process massive data sets.
"VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised," they continued. Microsoft's researchers also asserted that delivering these protections comes at a small price, performance-wise. Compared with unprotected Hadoop, "VC3's average runtime overhead is negligible for its base security guarantees," they noted.
Even administrators with physical access to VC3-protected servers will find the technology tough to crack, wrote the researchers. "Our threat model accounts for powerful adversaries that may control the whole cloud provider's software and hardware infrastructure, except for the certified physical processors involved in the computation."
A hypothetical financial services company can load client data "into the secure hardware in the cloud, where the data is decrypted, processed and re-encrypted," Linn said. "No one else—including the people who work at the company running the cloud-based service—can see or access the data."
Cloud companies have zero visibility into what goes on within the VC3 environment, reiterated Manuel Costa, Microsoft Research Cambridge principal researcher. "The cloud provider cannot see the data or the code that the customers are using for the analysis," he said in a statement.
Sriram Rajamani, assistant managing director of Microsoft Research India, said in a statement that the technology can help close the trust gap between on-premise and cloud-based IT systems. "We are investigating ways by which we can tell the customer, 'Even though you move your data to the cloud, you are still in control,'" he said.