Auditing Outsourced Services
How can users of a cloud service verify that the service truly performs as promised? This question is vital today because clouds are complicated black boxes, running in different administrative domains from users. Their correctness can be undermined by internal corruptions---misconfigurations, operational mistakes, insider attacks, unexpected failures, or adversarial control at any layer of the execution stack.
This talk will present verifiable infrastructure, a framework that lets users audit outsourced applications and services. I will introduce two systems: Orochi and Cobra, which verify the execution of, respectively, untrusted servers and black-box databases. Orochi and Cobra introduce various techniques, including deduplicated re-execution, consistent ordering verification, GPU accelerated pruning, and others. Beyond these two systems, I will also discuss verifiable infrastructure more generally.
Cheng Tan is a computer science Ph.D. candidate in the Courant Institute at New York University. His interests are in operating systems, networked systems, and security. His work on the Efficient Server Audit Problem was awarded best paper at SOSP 2017. His work on data center network troubleshooting at Microsoft Research has been deployed globally in more than 30 data centers in Microsoft Azure.