60 likes | 175 Views
Class 18 Security in Cloud Computing CIS 755: Advanced Computer Security Spring 2014. Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/. Administrative stuff. No office hours tomorrow End of semester is coming up – remember your projects!
E N D
Class 18Security in Cloud ComputingCIS 755: Advanced Computer SecuritySpring 2014 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff • No office hours tomorrow • End of semester is coming up – remember your projects! • You will present your results to the class – 10 to 12 minutes • Attend tomorrow’s talk (if you can): • “Privacy in the Age of Pervasive Cameras” • at 12:30 in N126
“Secure” cloud computing • Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds (2009) • HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis (2011) • Cross-VM Side Channels and Their Use to Extract Private Keys (2012)
Attack vectors • Side channels, of course! :) • Statistics FTW • Latency • Power, RF • Cache • Other vectors? • Other adversary models?
Solutions • Don’t use cloud computing :) • Run on “bare iron” when you use clouds • Run the same attack to verify that no one is “co-resident” • Data-only, i.e. remote disk but not CPU…?
Questions? Reading discussion