CSAIL Event Calendar

Breaks in the Cloud

Title: Breaks in the Cloud


Abstract: One appeal of cloud computing is the simple abstraction layer it
presents to tenants--in the case of IaaS, of homogeneously resourced,
isolated virtual machines. In reality, breakdowns in such abstractions
create opportunities for tenant abuse. I'll describe two potential
vulnerabilities of public clouds in this talk: (1) A cross-VM side-channel
attack that permits attacker exfiltration of cryptographic keys from a victim VM and (2) A "placement gaming" scheme that enables a tenant to harvest higher-value resources than those otherwise assigned by the cloud provider, potentially at the expense of co-tenants.

This talk is based on papers published at ACM CCS '12 and SoCC '12, and is joint work with Yinqian Zhang and Mike Reiter (UNC), Ben Farley, Venkatanathan Varadarajan, Tom Ristenpart, and Mike Swift (Univ. of Wisconsin), and Kevin Bowers (RSA).

Bio: Dr. Ari Juels is Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories. He works to bring sparks of invention and insight from RSA's scientists and affiliates to the company at large and advises on the science behind RSA’s technology strategy and vision. He joined RSA in 1996.

Ari's dozens of research publications span a range of topics, including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection.

Ari has served as the program chair or co-chair for a number of conferences and workshops, and is a frequent invited speaker at industry events. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Computerworld honored him in its "40 Under 40" list in 2007.

See other events that are part of CSAIL Security Seminar 2012/2013

See other events happening in November 2012