IMDEA Software

IMDEA initiative

Home > Events > Invited Talks > 2020 > Policy Compliance in Online Services

Aastha Mehta

Monday, April 13, 2020

11:00am Zoom5 - https://zoom.us/j/5911012202 (pass: s3)

Aastha Mehta, PhD Student, Max Planck Institute for Software Systems, Germany

Policy Compliance in Online Services

Abstract:

In response to incidents of unintended disclosure and misuse of user data by online services, modern data protection regulations require service providers to restrict their collection, processing, sharing and storage of sensitive user data. However, ensuring compliance with such regulation in today’s complex and rapidly evolving systems is technically challenging. In my research, I have developed practical systems to prevent unintended disclosures and misuse of data in the face of two broad classes of threats: software bugs and misconfiguration, and side channels.

In this talk, I will describe Pacer, a compliance system designed to prevent indirect inference of sensitive data via side channels in shared network links in the Cloud. Pacer shapes the outbound traffic of a Cloud tenant to make it independent of the tenant’s secrets. At the same time, Pacer does allow variations in the traffic shape based only on public (non-secret) aspects of the tenants’ workloads, thus enabling efficient sharing of network resources and incurring moderate overhead. Implementing Pacer requires modest changes to the Cloud hypervisor and the guest OS, and minimal changes to the guest application.