资源描述:
《abstractsAbstracts of Workshop on Cryptography and Security in Clouds》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、AbstractsofWorkshoponCryptographyandSecurityinClouds(March15-16,2011,Zurich)VirtualSecurity:DataLeakageinThird-PartyCloudsandVMResetVulnerabilitiesThomasRistenpart(UniversityofWisconsin,Madison,USA)Inthistalkwe'llcovernewsecurityissuesthatariseintheuseof
2、virtualization.Firstwe'lllookatthird-partycloudcomputingservicessuchasAmazon'sEC2andMicrosoftAzure.We'llseehowso-calledplacementvulnerabilitiesallowanattackertoarrangeforamaliciousvirtualmachine(VM)tobeassignedtothesamephysicalserverasatargetvictim'sVM.F
3、romthere,theattackingVMcanmountsidechannelattacks.We'llreportoninitialworkoncache-basedsidechannelsthatcanmeasurethevictim'scomputationalloadto,forexample,inferthekindsofwebtracreceivedbyawebserverrunningonthevictim'sVM.NextI'llpresentrecentworkonshowin
4、ganewclassofvulnerabilities,termedVMresetvulnerabilities,thatariseduetoreuseofVMsnapshots.AsnapshotisthesavedstateofaVM,whichcanincludecaches,memory,persistentstorage,etc.AresetvulnerabilityoccurswhenresumingtwoormoretimesfromthesameVMsnapshotexposessecu
5、ritybugs.I'llreportonourdiscoveryofseveralresetvulnerabilitiesinmodernbrowsersusedwithincommonly-usedVMmanagers.Thesevulnerabilitiesexploitweaknessesincryptographicprotocolswhenconfrontedwithreusedrandomness.I'llthenexplorepotentialsolutions.Thistalkwill
6、coverjointworkwithStevanSavage,HovavShacham,EranTromer,andScottYilekASmallLatteoraPetaCycle?YouDecide.TheEconomicsofCloudComputingandWhatThisMeansforSecurityRaduSion(StonyBrookUniversity,USA)Inthistalkweexploretheeconomicsoftechnologyoutsourcingingeneral
7、andcloudcomputinginparticular.Weidentifycosttrade-osandpostulatethekeyprinciplesofoutsourcingthatdenewhenclouddeploymentisappropriateandwhy.Wealsobrie
ytouchonseveralmaincyber-securityaspectsthatimpacttheappealofclouds.Weoutlineandinvestigatesomeofthem
8、ainresearchchallengesonoptimizingforthesetrade-os.IfyoucometothistalkyouarealsoverylikelytondoutexactlyhowmanyUSdollarsyouneedtospendtobreakyourfavoritecipherorsendoneofyourbitsoverthenetwork.1TheCloudwastipsyandatemyle