Cyber Security Seminar: Secure Auditing of Internet Services
Daniel O'Keeffe, Lecturer, Royal Holloway University of London
University of Bristol, Wills Memorial Building, Room G25
In this event, hosted by Bristol Cyber Security Group, Daniel O'Keeffe, Lecturer, Royal Holloway University of London, will describe how to prevent malicious insiders from tampering with audit logs of real-world Internet services (e.g. Dropbox, Git) using emerging commodity hardware support for trusted execution (e.g. Intel SGX).
Abstract: Users of online services such as messaging, code hosting and collaborative document editing expect the services to uphold the integrity of their data. Despite providers’ best efforts, data corruption still occurs, but at present service integrity violations are excluded from SLAs. For providers to include such violations as part of SLAs, the competing requirements of clients and providers must be satisfied. In this talk I will describe LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity. LibSEAL is a drop-in replacement for TLS libraries used by services, and runs inside a trusted execution environment, such as Intel SGX, to protect the integrity of the audit log. We evaluate LibSEAL with three popular online services (Git, ownCloud and Dropbox) and demonstrate that it is effective in discovering integrity violations with low overhead. I will conclude the talk with a brief overview of some ongoing work in trustworthy cloud computing at Royal Holloway.
Bio: Dan is a Lecturer in the Centre for Distributed and Global Computing (DGC) at the Department of Computer Science, Royal Holloway University of London (RHUL). His research interests lie broadly in the areas of distributed systems, security, databases, and networking, with a current focus on cloud computing security. Most recently, as part of the SeReCa, SecureCloud and CloudSafetyNet projects he has investigated techniques for improving user control and visibility over sensitive data in cloud platforms. Prior to joining RHUL Dan was a post-doctoral researcher in the Large-Scale Distributed Systems (LSDS) group at the Department of Computing, Imperial College London. He completed his PhD under Prof. Jean Bacon as a member of the OPERA group at the University of Cambridge Computer Laboratory. Between his PhD and post-doc he spent several years as a software engineer in the financial services industry building high-frequency trading platforms.
To register for this free event, please visit https://www.eventbrite.co.uk/e/daniel-okeeffe-secure-auditing-of-internet-services-tickets-81293425825?aff=internal