Modern cloud computing infrastructures use virtual machine monitors (VMMs) that often include a large and complex administrative domain with privileges to inspect client VM state. Attacks against or misuse of the administrative domain can compromise client security and privacy. Moreover, these VMMs give clients only inflexible control over their own VMs, so clients have to rely on the cloud provider to deploy useful services, such as VM introspection-based security tools.
This talk will present the self-service cloud computing (SSC) project, which addresses these two shortcomings. SSC splits administrative privileges between a system-wide domain and per-client administrative domains. Each client can manage and perform privileged system tasks on its own VMs, thereby providing flexibility. The system-wide administrative domain cannot inspect the code, data or computation of client VMs, thereby ensuring security and privacy. SSC also allows providers and clients to establish mutually trusted services that can check regulatory compliance while respecting client privacy. We have used a prototype implementation of SSC atop the Xen hypervisor to build user domains that perform privileged tasks such as memory introspection, storage intrusion detection, and anomaly detection.
Brief Biography: Vinod Ganapathy
Vinod Ganapathy is currently an Associate Professor of Computer Science at Rutgers University New Brunswick, where he has been on the faculty since 2007. He received a Ph.D. in Computer Science from the University of Wisconsin-Madison in 2007, and a B.Tech. in Computer Science and Engineering from IIT Bombay in 2001. His primary research interests are in computer security and software engineering. He is the recipient of a 2013 Rutgers University Board of Trustees Fellowship for Scholarly Excellence, a 2010 National Science Foundation CAREER Award, and, together with his students, two outstanding student paper awards at the Annual Computer Security Applications Conference in 2008 and 2009 for work on kernel rootkit detection and Web browser extension security.