Computers are essential to running the services we use daily. Increasingly, we do not need to own a computer; computing is done on centralised computing platforms – known as clouds – operated by cloud service providers. While clouds collect, store and process massive amounts of data, users have very few or no possibilities to obtain guarantees about the security of their computations, data, and communications and computations in the cloud. In his PhD thesis, Nicolae Paladi describes mechanisms to both verify the security of the cloud computing platforms and protect the most security sensitive data.
Every day, increasingly more IT infrastructure is migrated to centralised processing, commonly called “cloud computing”. This includes diverse systems we all use — from email and on-line laundry booking to medical health records and enterprise systems used by banks and governmental agencies. The increase in the size, complexity and evolution rate of the systems supporting them in the “cloud computing” paradigm is growing out of the scope of the traditional information security audit frameworks that are central to help maintaining the trust of users in the cloud computing paradigm. This calls for novel mechanisms to both verify the integrity of cloud computing infrastructure and maintain control over core assets.
– In my research, I used widely available hardware security components to develop mechanisms allowing to verify the integrity of software components in the cloud infrastructure. The mechanisms described in my thesis aim to enable integrity verification remotely and on-demand. They are potentially useful both to the cloud service providers themselves, as well as to large cloud tenants, says Nicolae Paladi who recently presented his PhD thesis at department of Electrical and Information Technology at LTH, Lund university.
– When it comes to my subject, what I find fascinating is the role of computer security in building trust and enabling innovations. For example, protocols for secure communication on the Internet were essential for enabling innovations like e-commerce, various on-line services for complex interactions with public authorities, and even on-line voting in some countries, while cryptographic primitives such as hash functions found an application in electronic cash. Since computing and data is increasingly moving into the cloud, building mechanisms to enable trust in the security of cloud systems has the potential to enable further innovations to improve people’s daily lives.
Cloud architecture fragment focused on protecting the security of computation andnetwork communication in cloud platforms.
Who is Nicolae Paladi?
– I am from the Republic of Moldova; having worked for several years at an on-line payments a fintech startup in Stockholm, I joined RISE SICS (previously the Swedish Institute of Computer Science) to write my master thesis in information security. My supervisor, Christian Gehrmann, convinced me to continue at RISE SICS and later helped me enroll to LTH as an industrial PhD student.
– I like being outdoors regardless of the weather, and in my free time I tend to go on long hikes, kayaking or cross-country skiing — ideally to remote areas. When I am not outdoors I like to organize documentary film screenings with my friends.
Anything you want to share from your PhD time?
–– There were plenty of exciting and funny occasions! As a PhD student, I presented my work at many events, something that even involved travelling to conferences at remote destinations, such as Greenland and Japan. Besides breathtaking views of the Ilulissat Icefjord, in Greenland I experienced the shortest commercial flight so far – less than 15 minutes, between Ilulissat and Aasiaat.
– Before travelling to Japan I was happy to learn that I did not need a visa to enter the country. However, at the border control in Osaka airport the border control officer took me to a separate room and very politely explained that I could not enter the country without a visa, since my passport was not biometric. I explained that I was a PhD student going to a conference, but he seemed remained unconvinced. As a last resort, I handed him a hard copy of my article, which I discovered by chance in my backpack. After he thoroughly examined the article and offered me a bunch of papers to fill in, I was given a visa and could finally continue to Kyoto where the conference was starting the next day. I learned that I must always carefully read the fine print and notes about travel regulations — and that nothing beats having a paper printed copy of the research article.
What are your plans?
– I will continue creating tools that build trust in distributed environments and allow users to better control their information. We live in an increasingly interconnected world and where data is in the long run the most valuable commodity – so it is paramount to manage it well, PhDNicolae Paladi concludes.
The PhD Thesis is available at: http://portal.research.lu.se/portal/en/publications/trust-but-verify(22c1d979-2d87-4099-b19c-ea140cd76663).html