Venkatanathan Varadarajan

Resource management across diverse workloads is a non-trivial and challenging problem. The complexity of the problem skyrockets when the system needs to arbitrate resources across arbitrary and potentially malicious users. Such is the problem faced by multi-tenant public cloud systems. These systems, apart from achieving profitable resource utilization for the cloud provider, should also guarantee reasonable performance and, more importantly, make the users feel as secure as when running tasks in their own private infrastructure. Current state-of-the-art public clouds are far from achieving the necessary level of isolation between its users to provide this guarantee. My research focuses on systematic evaluation of isolation in the presence of malicious users in public clouds and building operating systems with improved isolation without compromising on efficiency. My research has helped: (i) find new, previously unknown security issues with resource managers that provides monetary advantages for a malicious or greedy user [1,2], (ii) provide detailed, systematic evaluation of the co-location or co-residency attacks on major Infrastructure and Platform as a Service public clouds (IaaS, PaaS), e.g., Amazon EC2 and Heroku, respectively [4], and (iii) develop new design paradigm that tackle the lack of performance isolation through simple CPU scheduler primitives that improve security and privacy of public cloud tenants without compromising on performance [3]. All of these projects have been published in top-tier security and systems conferences (ACM CCS, USENIX Security, ACM SoCC) and one paper was recently recognized as one of the top ten best applied security research at CSAW NYU-Poly in 2014. Throughout these projects, I have demonstrated and honed a skill set that is essential for system security research: thorough evaluation of complex systems across two important dimensions of security and performance. It will also be evident from these works (detailed below) that I meticulously follow an important system design principle: “a security solution without practical deployability is no solution”. The importance of this principle is often overlooked in system security research. My research vision is to build systems that improve the security of public clouds that is equivalent or better than what is achievable in a restrictive private infrastructure without compromising on the economic and efficiency benefits of public clouds. The completed projects detailed below help take the first step towards this goal by understanding the isolation guarantees provided by the state-of-the-art public clouds. I believe, my accrued experience and skill set will aid me in moving towards this vision.