演讲者 | Qiang Cao | 头衔职位 | Temporary faculty member in the Department of Computer Science at the University of Georgia | 时间 | 2019 年 12 月 27 日(周五)下午 2:00 | 地点 | 张江校区计算机楼 405 | 联系人 | 陈阳 , chenyang@fudan.edu.cn |
| |
演讲简介
Cloud platforms provide authorization systems that govern how tenants and their applications interact with one another and share data on the cloud. We consider how a cloud platform can enable richer access control when requests originate from within the cloud, e.g., from a running software instance controlled by another tenant. It is increasingly useful for these policy checks to consider information about the requesting program, including the software that it runs and its configuration, in order to create a stronger foundation for the secure sharing of data in future clouds. This talk introduces Latte, a cloud attestation system that provides a richer basis for authorization. It can authorize operations based on requester’s code identity, which includes source code, build environment and runtime configuration, as well as third-party endorsements of trustworthiness. Latte supports the layered environments common in cloud computing, such as Docker containers running within virtual machines, and distributed services such as the Spark data-analytics platform. We integrated Latte with OpenStack, Docker, and Spark to demonstrate how Latte can be used to improve security and enable new usage scenarios, such as allowing untrusted parties to compute over private data. Adopting Latte requires few changes to application platforms. The overhead of Latte in most cases is negligible.
关于讲者
Qiang Cao is a temporary faculty member in the department of computer science at The University of Georgia, and an affiliated researcher in the department of computer science at Duke University, where he received his Ph.D. in 2014. His research interest lies in security, computer networking, and cloud computing. He is a core member of a team at Duke that develops the SAFE toolkit for secure authorization. Previously, he worked on the problem of detection and mitigation of social spam at large scale, which resulted in a collaboration with Facebook and a solution used in production.