Infrastructure-as-a-service (IaaS) cloud computing systems are revolutionizing business, government, and science by providing easy access to scalable computing. These public services, as offered by Amazon, Google, Microsoft, and others, allow an arbitrary customer to rent, by the hour, the resources needed to run their applications within virtual machines (VMs) hosted on the provider?s compute infrastructure. With these new services, however, comes subtle new security issues. Prior work by the PI uncovered attacks that abuse two aspects unique to cloud computing: resource sharing among mutually distrustful customers and pricing that incentivizes malicious behavior. The proposed research is organized along the two themes of resource sharing and pricing. In the first theme, the work explores whether cryptographic side channel attacks and resource-freeing attacks pose serious threats to cloud customers and then develops new placement and CPU scheduling algorithms that realize the security principle of soft isolation: minimization of potentially dangerous cross-user scheduling interactions (e.g., sharing a server or CPU core). Within the second theme, the work explores the implications of fine-grained pricing mechanisms on security. This includes developing pricemarks (mechanisms for accurately determining the true costs of a cloud service), understanding customer-controlled placement gaming that exploits cloud performance heterogeneity, and explores pricing-based security mechanisms that, in conjunction with the aforementioned scheduling mechanisms, will degrade fiscal incentivizes for adversarial behavior. The impact of the proposed work will be deeper understanding of threats in cloud IaaS systems, new security design principles, deployable security technologies, and improvements in security education.
CAREER: Infrastructure for Secure Cloud Computing