Cloud infrastructures have transformed the way we compute. Clients can offload their computations to virtualized cloud-based services, which elastically provision resources on demand and help manage and configure computing resources. However, many challenges remain in ensuring wide adoption of the cloud. This project focuses on two such challenges.
The first challenge is that of security and privacy of client code and data. When clients use public cloud infrastructures, the secrecy and integrity of their code and data can be compromised by insider attacks (e.g., malicious sysadmins) or exploits against vulnerabilities in the cloud infrastructure itself. The second challenge is that of giving clients flexible control over their virtual machines (VMs). Clients must typically rely on the cloud provider to deploy useful services, such as security introspection tools and network middleboxes (for example, intrusion detection systems and firewalls).
In this talk, I will present the Self-Service Cloud Platform (SSC), a new approach that we have been developing to address these challenges. I will discuss the principles underlying SSC’s new privilege model, which secures client code and data and gives clients increased administrative control over their VMs. I will also demonstrate that SSC can enable a number of novel services that cannot be implemented on contemporary cloud computing platforms. More information about the SSC project is available at: http://www.cs.rutgers.edu/~vinodg/research/cloud/
If time permits, I will also discuss some other projects in my group, including operating system security, Web browser security, and software engineering tools for programmer productivity in mobile app development.