講座信息
12.27 | Toward a practical approach to managing security in the cloud ecosystem
2019.12.24
演講者 Qiang Cao
頭銜職位 Temporary faculty member in the Department of Computer Science at the University of Georgia
時間 2019 年 12 月 27 日(周五)下午 2:00
地點 張江校區計算機樓 405
聯系人 陳陽 , chenyang@fudan.edu.cn

演講簡介

Cloud platforms provide authorization systems that govern how tenants and their applications interact with one another and share data on the cloud. We consider how a cloud platform can enable richer access control when requests originate from within the cloud, e.g., from a running software instance controlled by another tenant. It is increasingly useful for these policy checks to consider information about the requesting program, including the software that it runs and its configuration, in order to create a stronger foundation for the secure sharing of data in future clouds. This talk introduces Latte, a cloud attestation system that provides a richer basis for authorization. It can authorize operations based on requester’s code identity, which includes source code, build environment and runtime configuration, as well as third-party endorsements of trustworthiness. Latte supports the layered environments common in cloud computing, such as Docker containers running within virtual machines, and distributed services such as the Spark data-analytics platform. We integrated Latte with OpenStack, Docker, and Spark to demonstrate how Latte can be used to improve security and enable new usage scenarios, such as allowing untrusted parties to compute over private data. Adopting Latte requires few changes to application platforms. The overhead of Latte in most cases is negligible.

關于講者

Qiang Cao is a temporary faculty member in the department of computer science at The University of Georgia, and an affiliated researcher in the department of computer science at Duke University, where he received his Ph.D. in 2014. His research interest lies in security, computer networking, and cloud computing. He is a core member of a team at Duke that develops the SAFE toolkit for secure authorization. Previously, he worked on the problem of detection and mitigation of social spam at large scale, which resulted in a collaboration with Facebook and a solution used in production.
© 2020 復旦大學計算機科學技術學院 地址:上海市張衡路825號 Tell:+86-21-51355555 Fax:+86-21-51355558 Emall:cs_school@fudan.edu.cn
復旦大學計算機科學技術學院
掃一掃了解學院
幸运快3app