Cloud Terminal
Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems
Current PC- and web-based applications provide insufficient
security for the information they access, because vulnerabilities
anywhere in a large client software stack can compromise
confidentiality and integrity.
We propose a new architecture for secure
applications, Cloud Terminal, in which the only software running on the end
host is a lightweight secure thin terminal, and most application
logic is in a remote cloud rendering engine.
The secure thin terminal has a very small TCB (23 KLOC) and no
dependence on the untrusted OS, so it can be easily checked and
remotely attested to.
The terminal is also general-purpose: it simply supplies a
secure display and input path to remote software.
The cloud rendering engine runs an off-the-shelf application in a restricted
VM hosted by the provider, but resource sharing between VMs lets
one server support hundreds of users.
We implement a secure thin terminal that runs on standard PC hardware
and provides a responsive interface to applications like banking,
email, and document editing.
We also show that our cloud rendering engine can
provide secure online banking for 5-10 cents per user per month.