[PAST EVENT] Zhang Xu - Dissertation Defense - Computer Science

December 19, 2014
2pm - 3:45pm
McGlothlin-Street Hall, Room 002
251 Jamestown Rd
Williamsburg, VA 23185Map this location
As cloud computing has become a trend in the computing world, understanding its security concerns becomes essential for improving service quality and expanding business scale. This dissertation proposal studies the security issues in a public cloud from two aspects. On the one hand, we investigate a new threat called power attack in the cloud. On the other hand, we perform a systematical measurement on the public cloud to understand how cloud vendors react to existing security threats.

In the power attack, we exploit various attack vectors in platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS) cloud environments. To demonstrate the feasibility of launching a power attack, we conduct series of testbed based experiments and data-center-level simulations. Moreover, we give a detailed analysis on how different power management methods can affect a power attack and how to mitigate such an attack. Our experimental results and analysis show that power attacks will pose a serious threat to modern data centers and should be taken into account while deploying new high-density servers and power management techniques.

In the measurement study, we mainly investigate how cloud vendors have reacted to the co-residence threat inside the cloud, in terms of VM placement, network management, and Virtual Private Cloud (VPC).
Specifically, through intensive measurement probing, we first profile the dynamic environment of cloud instances inside the cloud. Then using real experiments, we quantify the impacts of VM placement and network management upon co-residence, respectively. Moreover, we explore VPC, which is a defensive service of Amazon EC2 for security enhancement, from the routing perspective.

In the future work, we plan to study the potential monitoring system that can enhance the security of cloud. The most effective way of securing a cloud is to monitor its running environment in a fine-grained manner. By monitoring system and networking activities, the cloud administrators can detect and diagnose anomaly, intrusion, and attacks. Enterprises have developed large scale monitoring systems along with many security applications. However, for a large cloud, the fine-grained monitoring traces are too large to store and analyze. Our work attempts to trim the monitoring traces using both data mining techniques and domain knowledge heuristics for reducing storage cost as well as supporting more efficient security applications.

Zhang Xu has been working on his Ph.D. in Computer Science at the College of William and Mary since Spring 2012. He is working with Dr.
Haining Wang, and his research interests include cloud computing, system security, and web security. He was working as research assistant in NEC research Lab since May 2014. Zhang Xu received his M.S. from College of William and Mary (Williamsburg, 2012), and his B.S. from Beihang University (Beijing, 2010).