Author :
Song, Zhexuan ; Molina, Jesus ; Strong, Christina
Abstract :
Software-as-a-service (SaaS) gives developers a new, convenient venue for distributing software by utilizing a cloud computing infrastructure. But as vendors start to deploy applications, and users upload data to the cloud in order to use them, a new privacy concern arises, because data users would like to keep their data (and perhaps even their identities) private from the software provider. While cloud providers pledge to preserve data privacy, the current SaaS architecture makes it difficult to provide any assurance that the software in the cloud will not be able to make copies of, or redistribute, the data it used. In this paper, we propose a new cloud-based infrastructure which allows a clean separation between applications and data. We further utilize this separation to introduce the concept of trusted data binding, enforcing usage policies on applications over data sets with the aid of trusted hardware such as the trusted platform module. We implemented our idea in a prototype system deployed in Amazon EC2, where software providers can upload software and data owners can search for algorithms to be executed privately on their data sets, with policy options such as the number of executions, data expiration and deletion, and encryption of data at rest. We believe that our contributions will be very beneficial for fields such as bioinformatics and software validation, where the software is executed against very sensitive data sets and requires a large amount of computational resources.
Keywords :
cloud computing; cryptography; data privacy; Amazon EC2; SaaS architecture; bioinformatics; cloud based infrastructure; data deletion; data encryption; data executions; data expiration; software validation; software-as-a-service; trusted anonymous execution model; trusted data binding concept; trusted binding