log in  |  register  |  feedback?  |  help
Logo
Google-UMD Cybersecurity Seminar Series
Ulfar Erlingsson - Director of Security Research - Google
Google: 1101 New York Ave NW DC (Second Floor)
Thursday, December 13, 2012, 5:00-6:00 pm Calendar
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)
Registration requested: The organizer of this talk requests that you register if you are planning to attend. There are two ways to register: (1) You can create an account on this site (click the "register" link in the upper-right corner) and then register for this talk; or (2) You can enter your details below and click the "Register for talk" button. Either way, you can always cancel your registration later.

Name:
Email:
Organization:

Abstract

Cloud Computing and Security

Cloud computing constitutes not mere centralization, or a change of scale, but a new, fundamentally more reliable form of software and services. This change creates both new risks and opportunities for security.

A defining characteristic of cloud services is that they are designed to provide continuous access to rich functionality and ever-improving features, without any planned service interruption due to operational issues like software updates. This defining characteristic explains the key requirements of cloud computing: pervasive redundancy is required to handle inevitable failures, scalability and elasticity to ensure uninterrupted service despite spikes in load, geographic replication to handle user migration and local power outages, etc. 

In particular, to add new features, reliably and without downtime, cloud services must allow for executing, testing, deploying, and retiring multiple concurrent software versions using different data representations and algorithms. Therefore, in the limit, each machine and process could execute a unique instance of the cloud software, specialized with custom monitoring and security mechanisms—and, due to redundant software instances, those mechanisms could be designed to independently apply fail-stop enforcement to each executing instance.

On the other hand, software processing of rich data suffers from endemic security vulnerabilities and most cloud services handle untrusted, user-generated rich data content, derived via virtual, indirect relationship with near-anonymous users.  As a further complication to authentication and authorization, access to services and sensitive user resources and data must be granted to a growing number of third-party cloud applications, from the public web or open markets, whose intent, provenance, and properties are typically unknown.

Securing the cloud requires building upon unique characteristics of cloud computing, as well as pervasively integrating a security and privacy focus into software development and operational processes of cloud service providers.  Every advantage the cloud offers—such as large-scale machine learning and data-driven abuse detection—must be utilized, as well as a range of other techniques, from well-designed application-level interfaces, through pervasive use of cryptography, and even to formally-verified machine code.

Bio

Úlfar currently heads security research at Google. Previously, Ulfar wasa researcher at Microsoft Research, an Associate Professor at Reykjavik University, Iceland, and led security technology at two startups: GreenBorder and deCODE Genetics.

He holds a PhD in CS from Cornell University.

This talk is organized by Eric Chapman