Detection and Mitigation of Security Threats in Cloud Computing

Speaker:        Dr. Tianwei Zhang
                Amazon Web Services

Title:          "Detection and Mitigation of Security Threats in
                 Cloud Computing"

Date:           Monday, 3 December 2018

Time:           4:00pm - 5:00pm

Venue:          Lecture Theater F (near lift 25/26), HKUST


Infrastructure-as-a-Service (IaaS) clouds provide computation and storage
services to large enterprises, small businesses and individuals with great
elasticity, low cost and high energy efficiency. Cloud customers rent
resources in the form of virtual machines (VMs), and deploy their
applications and services in the remote datacenters. However, these VMs
may face various security threats from different entities. It is important
but challenging for cloud providers to create a reliable and secure
computation environment for customers.

Current state-of-the-art cloud platforms from the research community and
commodity products only provide limited security functionalities, which
are far from enough to guarantee the security of VMs. In this talk, I will
present my solutions to this challenge in two directions. First, I will
introduce a general-purpose architectural framework to protect customers'
VMs in IaaS clouds. This framework monitors the security health of VMs in
a comprehensive way, and automatically takes actions to mitigate the
potential threats that can compromise customers' desired security
properties. I define and verify the necessary hardware-software modules in
cloud servers, secure communication protocols, management and security
operations to guarantee this trustworthy and unforgeable monitoring
service. Then I will present two types of threats: an availability threat
caused by multi-tenancy resource contention, and a confidentiality threat
via cache-based side channels. I will introduce two methodologies to
defeat these threats with a novel repurposing of existing hardware
features. My methodologies can be integrated into my framework, and they
together form a secure cloud ecosystem.


Dr. Tianwei Zhang is a software engineer at Amazon Web Services. He
received his Bachelor's degree in physics at Peking University, China, in
2011, and the Ph.D. degree in Electrical Engineering at Princeton
University in 2017, under the supervision of Ruby B. Lee. His research
focuses on computer system and architecture security. He is particularly
interested in building new frameworks and methodologies to enhance the
security of cloud computing environments. He is also interested in
verifying and quantifying the designs and mechanisms of security-aware
architectures and systems. He has published papers in top-tier
architecture and security conferences and journals (ISCA, IEEE Micro, IEEE
Transactions on Computers, ACSAC, RAID, AsiaCCS) as the first author.