back to article Redmond promises even MORE cloudy crypto

Get ready for the spooks to howl: Microsoft Research has developed another layer of security to lock up customer data in the cloud. What the Redmond boffins dub "VC3" – Verifiable Confidential Cloud Computing – takes advantage of Intel's SGX command set to create a “lockbox” for customers running MapReduce computations in the …

Silver badge

Not sure about this

"To make the calculations, the client’s data is loaded into the secure hardware in the cloud, where the data is decrypted, processed and re-encrypted."

Doesn't that mean giving the 'cloudy box' your encryption keys? Or maybe the cloudy box sends you a key that you use to encrypt your data first, before sending it off. Anyone?

4
0
Silver badge
Holmes

My takeaway is...

the end of computing under our control. Only the signed, unmodified application has control over what is allowed. It would not be the least bit difficult to only allow "proper" applications to execute with only vetted data. Yeah, tinfoil-hat time, but I've yet to read anything to the contrary that would prevent this. Drekload ton of documents to process here.

Interesting how game consoles popped up and made a brief appearance. I'm quite sure that Microsoft, if not Sony and Nintendo as well, noticed.

0
1
Silver badge
Thumb Up

Re: My takeaway is...

I think it's more the opposite. All these technologies are new and enhance your control. I don't mean they're new in the sense of updated versions of old tools, I mean they're new in the sense of doing things that weren't actually use cases previously.

In the Olden Days, data was data and security was about not letting someone have access to your computer. Then it started to get more sophisticated and it was about having the right user accounts on the box, but if you could access the hardware you could still read the data off the drive. Then we started to see technologies that guarded data against physical access - TruCrypt, Bitlocker, et al. Essentially making security entirely about verifiable credentials.

Now we're seeing that taken to the next stage where entire "machines" (as in VMs) and processes depend on verifiable credentials. The uptake of the Cloud for people's platforms is actually driving the development of tools for controlling what happens and what is accessible that are even more capable than their predecessors. Because the Cloud makes such things necessary.

And ironically, governments' determination to spy on people is running headlong into existing business needs and pushing forward this technology far faster than it would develop on its own. MS have and will always have, one overriding goal - get your money. What we're seeing here, is them finding ways to code around the US government. The article is right to say that this will make the NSA howl.

And I have no problem with that. ;)

4
1
Anonymous Coward

Re: My takeaway is...

What we're seeing here, is them finding ways to code around the US government.

How naive. They can't code their way around the law.

0
2
Silver badge

Re: My takeaway is...

>>"How naive. They can't code their way around the law."

Of course you can. Accountants do it all the time. If you are hosting only encrypted content that you yourself cannot access, then for example, you cannot be made to reveal what you know because you don't know anything. MS are simply taking it one (well two) steps further and finding ways to make it so that even processes cannot be accessed by them. Remember, MS's goal is to get your money, not to get your internal data - that's the government's aim (though they would like your money too). So it's entirely within MS's interests to find ways to lock even themselves out, odd though that sounds.

3
0
Anonymous Coward

Re: My takeaway is...

I don't think you get it.

0
0
Silver badge

Re: My takeaway is...

Oh I get it. I also see where it can take us and you aren't going to like it. It comes down to who is exercising control. This could very easily be a perfect walled garden with respect to all consumer devices. Corporations won't have much to worry about. Initially.

1
0
Big Brother

I just cant

bring myself to trust *any* globalmegahypercorp with my data.

Back doors, poor encryption, or good encryption but badly implemented. Seems that if someone really wants to access my data, either by hook or by crook, they will access it..

3
0
Boffin

The only way...

... I'd upload any data to Cloud Storage is if it was *already* encrypted!

0
0
Anonymous Coward

And this is from the same company that (almost) requires an on-line account for their OS, and making it ever so easy to store private files on their cloud storage.

But it's ok, they wont sell your data to 3rd parties - they want to keep it to themselves so they can charge others to perform "calculations" on it. What do we get in return? A free upgrade to their OS.

No thanks, Microsoft. Targeted advertising is one thing, but not this shit. They've broken the camel's back for me, now.

0
3

The truth is...

Put your info outside of the infrastructure you control and it is no longer secure.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018