ERAN TROMER MIT |
Today's computers run numerous processes of different sensitivity and trustworthiness, and often the only boundary between a hostile network and sensitive data relies on flimsy confinement assumptions. The platform purports to protect processes from each other, but side channels arise from lower architectural layers, such as contention for shared hardware resources, and create inadvertent cross-talk. For example, we have shown how observing contention for the CPU cache allows an attacker to steal other users' encryption keys in a few milliseconds.
Such cross-talk is especially grievous in the context of cloud computing ("infrastructure as a service"), where users acquire computational capacity in the form of virtual machines running on a service provider's shared hardware pool. The presence of multiple mutually-untrusting virtual machines on the same hardware creates the risk of information exfiltration across virtual machines and between clients, as we demonstrated on Amazon EC2.
These security vulnerabilities raise the challenge of achieving trustworthy computation on leaky platforms. We discuss potential solutions, including a new work on mitigating side channels using just-in-time dynamic transformation of x86 machine code.
This talk includes joint works with Saman Amarasinghe, Dag Arne Osvik, Thomas Ristenpart, Ron Rivest, Stephan Savage, Hovav Shacham, Adi Shamir and Qin Zhao. |
4:15pm B17 Upson Hall Thursday, February 18, 2010 Refreshments at 3:45pm in the Upson 4th Floor Atrium |
Computer Science Colloquium Spring 2010 |
www.cs.cornell.edu/events/colloquium |
Side Channels and their Mitigation in Cloud Computing Security |