Cloud computing is becoming a game-changer for the academia and industry that need low-cost and scalable data processing capabilities. This new computing paradigm, however, is fraught with security and privacy risks. Although most cloud-security issues are related to the problems that have long been studied, we strongly believe that distinctive features of the cloud actually expand the scopes of these seemingly old problems. In this talk, I present the outcomes of our recent studies in this new domain, which include a new security threat we discovered in the cloud and a new cloud-based solution we developed for an existing security problem. Specifically, we found that the way the cloud provides software services to its customers exposes the information flows within an application to the Internet, which fundamentally subjects this software-as-a-service model to side-channel attacks. As evidence to the seriousness of the problem, our research shows that several popular cloud-based web services are leaking out highly sensitive user data such as health records, family incomes and investment secrets. On the other hand, we demonstrate that the special features of the cloud can actually be leveraged to build effective solutions to some old security problems: as an example, we developed a suite of new secure DNA alignment techniques based upon the hybrid infrastructure of today's clouds and their immense data-processing capacity. Our new approach can support a data-intensive computation on DNA data over the low-cost public cloud, without endangering the privacy of the human subjects the DNA data comes from. These studies explore the new security problem space the cloud brings to us, and strongly indicate that high-impact discoveries can be made and surprising technological progress can be achieved in this area.

Dr. XiaoFeng Wang is an Associate Professor in the School of Informatics and Computing at Indiana University, Bloomington. He received his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in 2004, and has since been a faculty member at IU. Dr. Wang is a recognized active researcher on system and network security. His group extensively publishes at leading security venues and vigorously pursues innovative and high-impact research directions. His current work focuses on security/privacy issues in Cloud Computing and privacy issues in processing and dissemination of human genome data. Dr. Wang has also been actively serving the research community, participating in the program committees and organization committees of numerous conferences and workshops. His research is supported by the NSF, Department of Homeland Security and the Air Force. He served as the acting director for the Security Informatics program at IU, including the Master Program in Security, in 2010.