Princeton University

School of Engineering & Applied Science

Understanding Security and Privacy Issues in Cloud Applications

Liang Wang, University of Wisconsin - Madison
Engineering Quadrangle B327
Monday, September 17, 2018 - 11:00am to 12:00pm

An increasing number of applications are utilizing public clouds and relying on their cloud providers to provide security and privacy protection. However, specific application design patterns might compromise the providers’ efforts to secure applications and make the applications vulnerable. In my work, I use measurement-driven approaches to examine various types of cloud-based applications/services and investigate whether they can achieve desired security and privacy guarantees. In this talk, I will present my work on:
(1) Decision-tree-based traffic analysis attacks against Tor meek, a cloud-based traffic obfuscator that is designed to be resistant to Internet censorship by nation states. Our attacks require a censor to maintain little state, but can reliably detect meek traffic with high true-positive rates and sufficiently low false-positive rates (0.006% - 0.02%, out of 14M TCP flows).
(2) Side-channel attacks against search indexes of multi-tenant cloud services. The attacks can discover terms in other tenants’ private documents, and work efficiently on live cloud services such as GitHub in controlled experiments.
(3) My most recent work on characterizing popular serverless computing platforms in terms of performance and resource scheduling. We discover several issues that could make serverless applications vulnerable to side-channel and DoS attacks in AWS Lambda and Azure Functions, and find bugs that allow customers to use resources for free in Google Cloud Functions.