In response to incidents of unintended disclosure and misuse of user data by online services, modern data protection regulations require service providers to restrict their collection, processing, sharing and storage of sensitive user data. However, ensuring compliance with such regulation in today’s complex and rapidly evolving systems is technically challenging. In my research, I have developed practical systems to prevent unintended disclosures and misuse of data in the face of two broad classes of threats: software bugs and misconfiguration, and side channels.

In this talk, I will describe Pacer, a compliance system designed to prevent indirect inference of sensitive data via side channels in shared network links in the Cloud. Pacer shapes the outbound traffic of a Cloud tenant to make it independent of the tenant’s secrets. At the same time, Pacer does allow variations in the traffic shape based only on public (non-secret) aspects of the tenants’ workloads, thus enabling efficient sharing of network resources and incurring moderate overhead. Implementing Pacer requires modest changes to the Cloud hypervisor and the guest OS, and minimal changes to the guest application.