Lecture: "A Security Analysis of Amazon's Elastic Compute Cloud Service" by Engin Kirda

  • 11/16/2012 | 3:30 PM – 4:30 PM
  • Location: Searles Science Building, Room 315
  • Event Type: Lecture

Lecture: "A Security Analysis of Amazon's Elastic Compute Cloud Service" by Engin KirdaDr. Engin Kirda from Northeastern University will present a computer science lecture titled "A Security Analysis of Amazon's Elastic Compute Cloud Service."

Abstract: Cloud services such as Amazon's Elastic Compute Cloud and IBM's SmartCloud are quickly changing the way organizations are dealing with IT infrastructures and are providing online services. Today, if an organization needs computing power, it can simply buy it online by instantiating a virtual server image on the cloud. Servers can be quickly launched and shut down via application programming interfaces, offering the user a greater flexibility compared to traditional server rooms.

In this talk, Kirda will explore the general security risks associated with using virtual server images from the public catalogs of cloud service providers. The talk examines the security problems of public images that are available on the Amazon EC2 service.

Kirda will describe the design and implementation of an automated system that they used to instantiate and analyze the security of public AMIs on the Amazon EC2 platform, and provide detailed descriptions of the security tests that they performed on each image. Their findings demonstrate that both the users and the providers of public AMIs may be vulnerable to security risks such as unauthorized access, malware infections, and loss of sensitive information. The Amazon Web Services Security Team has acknowledged their findings, and has already taken steps to properly address all the security risks presented in this talk.