[talks] Fwd: CS/EE Seminar - Monday, September 17. 2018, 11:00 am, E-Quad B327 - Liang Wang

Jennifer Rexford jrex at CS.Princeton.EDU
Fri Sep 14 17:10:28 EDT 2018 

>  
>  
> Department of Computer Science and
>                        Department of Electrical Engineering Seminar 
>  
>  
> Speaker:   Liang Wang           
>                               University of Wisconsin - Madison
> Title:          Understanding Security and Privacy Issues in Cloud Applications
> Date:         Monday, September 17, 2018            
> Time:         11:00 am          
> Room:        E-Quad, Room B327
> Host:         Prof. Jennifer Rexford and Prof. Prateek Mittal
>  
> Abstract:  An increasing amount of applications are utilizing public clouds and rely on their cloud providers to provide security and privacy protection. However, specific application design patterns might compromise the providers’ efforts on securing applications, and make the applications vulnerable. In my work, I use measurement-driven approaches to examine various types of cloud-based applications/services and investigate whether they can achieve desired security and privacy guarantees. In this talk, I will present my work on:
>  
> (1) Decision-tree-based traffic analysis attacks against Tor meek, a cloud-based traffic obfuscator that is designed to be resistant to Internet censorship by nation states. Our attacks require a censor to maintain little state, but can reliably detect meek traffic with high true-positive rates and sufficiently low false-positive rates (0.006% - 0.02%, out of 14M TCP flows).
>  
> (2) Side-channel attacks against search indexes of multi-tenant cloud services. The attacks can discover terms in other tenants’ private documents, and work efficiently on live cloud services such as GitHub in controlled experiments.
>  
> (3)  My most recent work on characterizing popular serverless computing platforms in terms of performance and resource scheduling.  We discover several issues that could make serverless applications  vulnerable to side-channel and DoS attacks in AWS Lambda and Azure Functions, and find bugs that allow customers to use resources for free in Google Cloud Functions.
>  
>  
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cs.princeton.edu/pipermail/talks/attachments/20180914/f43c19bb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 8570 bytes
Desc: not available
URL: <http://lists.cs.princeton.edu/pipermail/talks/attachments/20180914/f43c19bb/attachment-0001.png>

More information about the talks mailing list