Seminar: Leveraging the Wisdom of Clouds for Internet Security
Eric Pauley
PhD Candidate
University of Wisconsin-Madison
Thursday, February 6
9:30 - 10:30 AM
1100 Torgersen Hall
Abstract
Over the past decade, networked systems have consolidated under just a handful of hyperscale cloud providers (e.g., AWS, Azure). While this offers logistical and economic advantages, attackers specifically target providers and their customers, a shift that has left traditional network vantage points blind to the most sophisticated adversaries. In this talk, I’ll explore how we adapt Internet measurement to these new deployment models to regain situational awareness and defend modern service deployments. I’ll introduce DScope, a new Internet telescope that continuously relocates its vantage point across public cloud infrastructure. Unlike prior approaches that use a fixed vantage point, this allows us to observe the most sophisticated attackers that actively avoid existing measurement infrastructure. Our dynamic approach also achieves a statistically representative view of cloud-based attacks, a property that we prove for the first time.
Using data from DScope, I’ll also discuss how the shared networking environment of public clouds leads to new vulnerabilities. We’ll examine the problem of latent configuration, which occurs when cloud customers reference network resources that are then reused by other tenants. This new security risk is uniquely enabled by public clouds, but through rigorous analysis and systems design we can make cloud deployments more secure in practice. I’ll conclude by discussing open problems and future work in leveraging Internet vantage points for security, with a focus on intelligent interactivity and rapid response to emergent threats.
Biography
Eric Pauley is a Ph.D. candidate at the University of Wisconsin–Madison, advised by Patrick McDaniel. His research interests encompass data-driven approaches to evaluating and improving the security of networked software systems, with a particular focus on cloud computing. His work has led to practical improvements in the security of cloud-based systems through both remediations by major providers and services offered by his company, DScope Security. His research in security measurement has earned best paper runner-up at the ACM Internet Measurement Conference, a finalist spot in the CSAW Applied Research Competition, and the UW–Madison Computer Sciences Outstanding Graduate Researcher Award. Eric is also an avid backpacker, instrument-rated private pilot, and birdwatcher.