Black Hat //Webcast
A Journey into the Privacy and Security Risks of a Cloud Computing Service
// Marco Balduzzi
Cloud services such as Amazon's EC2 and IBM SmartCloud allow users to create and share virtual images (AMIs) with other users. In addition to these user-shared images, the cloud providers also provide AMIs that have been preconfigured with popular software such as open source databases and web servers.
This talk explores both the privacy and the security risks associated with renting and using public AMIs from cloud computing providers. We will present SatanCloud, the automated system we used to analyze and test over 5,000 server images provided by Amazon in its four data centers in the US, Europe and Asia. From our analysis, we discovered that both the users and the providers of public AMIs are vulnerable to security risks such as data leakage, unauthorized access, malware infections, and loss of sensitive information. All our findings have been acknowledged by Amazon's Web Services Security Team, which has already taken steps to properly address them.
Dr. Marco Balduzzi holds an MSc in computer engineering from the University of Bergamo and a Ph.D. in applied IT security from Télécom ParisTech. He has been involved in IT security for 10 years, with international experience in both industrial and academic fields. He worked as a security consultant and engineer for different companies in Milan, Munich and Sophia-Antipolis, in the south of France, before joining the International Secure Systems Lab and then Trend Micro Inc. as a senior security and threat researcher.
David Koretz, VP & General Manager, Mykonos Software (a Juniper Networks company)
David is the founder of Mykonos Software, the leader in deception-based cyber-security. Under Mr. Koretz’s leadership, Mykonos was named a 2010 Gartner Cool Vendor, winner of the Secure Computing Magazine Innovator’s Throwdown, and the 2011 SINET 16.
ABOUT OUR SPONSOR:
Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and communications that transform the experience and economics of networking. Additional information can be found at Juniper Networks (www.juniper.net).
Mykonos Software, a Juniper Networks company, is the smartest way to secure websites and web applications against hackers, fraud and theft. Its intrusion deception technology detects, tags, tracks and stops hackers in real-time. Unlike legacy signature-based approaches, Mykonos is the first technology that inserts hundreds of detection points to proactively identify attackers before they do damage - without any false positives.