Guest Speaker: Yinqian Zhang
University of North Carolina, Chapel Hill
Talk Abstract: This talk covers a series of studies on the security threats and defenses in multi-tenant public clouds. In particular, it details the work on cache-based side-channel attacks that can successfully extract cryptographic private keys from another VM co-located on the same physical machine, which calls into question the established belief that the security isolation provided by modern virtualization technologies remains adequate under the new threat model in multi-tenant public clouds. To address such threats, two defensive techniques were devised, which can be adopted by cloud tenants immediately on modern cloud platforms without extra help from the providers: (1) for tenants requiring a high degree of security and physical isolation, a tool to facilitate cloud auditing of such isolation without querying the cloud provider; and (2) for tenants who use multi-tenant cloud services, an operating-system-level defense for the tenants to defend against side-channel threats on their own.
About the Speaker: Yinqian Zhang is a Ph.D. candidate in the Computer Science Department of the University of North Carolina at Chapel Hill, advised by Professor Michael Reiter. Yinqian's research focuses on computer systems and security, with particular emphasis on the security of virtualized and distributed systems. His work on side-channel analysis in the clouds was widely discussed in popular technology news websites. The work he conducted as a research intern at RSA labs and Google Research resulted in several U.S. pending patents. He is also the recipient of the Google Ph.D. Fellowship in Computer Security in 2013.