Cloud computing is becoming a game-changer for the academia and industry that need low-cost and scalable data processing capabilities. However, this new computing paradigm is also fraught with security and privacy risks. Although many cloud-security issues are related to the problems that have long been studied, he strongly believes that distinctive features of the cloud actually expand the space of these seemingly old problems. He present the outcomes of their preliminary research in this new domain, which include new security threats they discovered in the cloud and a new cloud-based solution they developed for an existing security problem. Specifically, software in the cloud is often built through integrating web APIs provided by different web service providers, and served through delivering part of its components to the user’s browser. This Software-as-a-Service (SaaS) model can easily bring in logic flaws during API integrations, due to the miscommunication between the API provider and the API user, and is fundamentally vulnerable to side-channel attacks. As evidence to the seriousness of such problems, their research shows that high-profile web stores can be exploited to shop for free, and popular cloud-based web services are leaking out highly sensitive user information such as health records, family incomes and investment secrets. On the other hand, they demonstrate that the special features of the cloud can actually be leveraged to build surprisingly effective solutions to some old security problems: they developed a suite of new secure DNA alignment techniques based upon the hybrid infrastructure of today’s clouds and their immense data-processing capacity. Their new approach can support a large-scale genomic computation on the low-cost public cloud without endangering sensitive genetic information. These preliminary studies strongly indicate great security research opportunities existing in the cloud, which can lead to high-impact discoveries and surprising technological progress.
No comments:
Post a Comment