CS SEMINAR

Detection and Mitigation of Security Threats in Cloud Computing

Speaker
Dr. Tianwei Zhang, Software Engineer at Amazon Web Services
Chaired by
Dr PEH Li Shiuan, Provost's Chair Professor, School of Computing
peh@comp.nus.edu.sg

01 Nov 2018 Thursday, 10:00 AM to 11:30 AM

SR3, COM1-02-12

Abstract:

Infrastructure-as-a-Service (IaaS) clouds provide computation and storage services to large enterprises, small businesses and individuals with great elasticity, low cost and high energy efficiency. Cloud customers rent resources in the form of virtual machines (VMs), and deploy their applications and services in the remote datacenters. However, these VMs may face various security threats from different entities. It is important but challenging for cloud providers to create a reliable and secure computation environment for customers.

Current state-of-the-art cloud platforms from the research community and commodity products only provide limited security functionalities, which are far from enough to guarantee the security of VMs. In this talk, I will present my solutions to this challenge in two directions. First, I will introduce a general-purpose architectural framework to protect customers' VMs in IaaS clouds. This framework monitors the security health of VMs in a comprehensive way, and automatically takes actions to mitigate the potential threats that can compromise customers' desired security properties. I define and verify the necessary hardware-software modules in cloud servers, secure communication protocols, management and security operations to guarantee this trustworthy and unforgeable monitoring service. Then I will present two types of threats: an availability threat caused by multi-tenancy resource contention, and a confidentiality threat via cache-based side channels. I will introduce two methodologies to defeat these threats with a novel repurposing of existing hardware features. My methodologies can be integrated into my framework, and they together form a secure cloud ecosystem.


Biodata:

Dr. Tianwei Zhang is a software engineer at Amazon Web Services. He received his Bachelor's degree in physics at Peking University, China, in 2011, and the Ph.D. degree in Electrical Engineering at Princeton University in 2017, under the supervision of Ruby B. Lee. His research focuses on computer system and architecture security. He is particularly interested in building new frameworks and methodologies to enhance the security of cloud computing environments. He is also interested in verifying and quantifying the designs and mechanisms of security-aware architectures and systems. He has published papers in top-tier architecture and security conferences and journals (ISCA, IEEE Micro, IEEE Transactions on Computers, ACSAC, RAID, AsiaCCS) as the first author.