This research looks at data disclosures due to side channels in cloud services.
Side channels arise due to sharing of resources among mutually untrusting principals. In public clouds, different tenants share CPUs, caches, memory, storage, and network resources of the cloud provider. A tenant's (called the victim) usage of a server's resources may be correlated with its secrets; an adversarial tenant on the same server can observe the victim's usage of shared resources and thereby infer the victim's secrets. How can tenants ensure privacy of their sensitive data and code hosted in the cloud in face of such side-channel attacks? Moreover, how can we design efficient side-channel mitigations in the face of changing landscape of cloud architecture, where applications and hardware are becoming more disaggregated, leading to increased resource sharing among untrusted tenants?
Our prior work has investigated fundamental principles in building
secure mitigations for memory (USENIX Security'17) and network
side-channel attacks in cloud (under submission).
The key principle is to
People: Aastha Mehta
Pacer: Network Side-Channel Mitigation in the Cloud (Under submission)
Oblivious Multi-Party Machine Learning on Trusted Processors (USENIX Security'17)
Systopia lab is supported by a number of government and industrial sources, including Cisco Systems, the Communications Security Establishment Canada, Intel Research, the National Sciences and Engineering Research Council of Canada (NSERC), Network Appliance, Office of the Privacy Commissioner of Canada, and the National Science Foundation (NSF).