ECE Seminar: Security Threats and Defenses in Multi-Tenant Public Clouds
Friday, February 21, 2014
11:30 am - 12:30 pm
Gross Hall 330
Yinqian Zhang, PhD Candidate
This talk covers a series of studies on the security threats and defenses in multi-tenant public clouds. In particular, it details the work on cache-based side-channel attacks that can successfully extract cryptographic private keys from another VM co-located on the same physical machine, which calls into question the established belief that the security isolation provided by modern virtualization technologies remains adequate under the new threat model in multi-tenant public clouds. To address such threats, two defensive techniques were devised, which can be adopted by cloud tenants immediately on modern cloud platforms without extra help from the providers: (1) for tenants requiring a high degree of security and physical isolation, a tool to facilitate cloud auditing of such isolation without querying the cloud provider; and (2) for tenants who use multi-tenant cloud services, an operating-system-level defense for the tenants to defend against side-channel threats on their own.

Yinqian Zhang is a Ph.D. candidate in the Computer Science Department of the University of North Carolina at Chapel Hill. His research focuses on computer systems and security, with particular emphasis on the security of virtualized and distributed systems. His work on side-channel analysis in the clouds was broadly cited in academia and widely discussed in popular technology news websites.