Job Talk: Provenance Analysis in Virtualized Environments
Abstract:
With the unprecedented need for remote working and virtual retail, there has been a worldwide surge in the adoption of cloud and edge computing. On the other hand, the significant reliance on virtual services has rendered the underlying cloud environments supporting those services an attractive target for cyber criminals. To address this, the main focus of my research is to enable effective and efficient investigation of security incidents and their root causes through provenance-based solutions in virtualized environments including clouds, containers, network functions virtualization (NFV), etc. First, I present DominoBlocker, the first provenance analysis solution facilitating forensic investigation and prevention of security incidents in clouds by tracing the dependencies between cloud management operations, instead of low-level system calls. Second, I present ProvTalk, the first multi-level provenance system for NFV built for capturing the relationship between management operations across different levels of the NFV stack, and increasing the interpretability of the logged information by leveraging the inherent cross-level dependencies. Third, I present VinciDecoder, a framework to automatically generate human-readable forensic reports for security incidents using neural machine translation (NMT). Finally, I will discuss my ongoing and future research plan on addressing some of the fundamental security challenges in virtualized environments through leveraging provenance analysis.
Bio:
Azadeh Tabiban is currently a Ph.D. candidate at Concordia University (with Prof. Lingyu Wang and Prof. Makan Pourzandi), and she has been working as a research assistant on industry-sponsored projects since 2017. Her Ph.D. research focuses on provenance-based root cause analysis of security incidents in virtualized environments such as clouds, containers, and Network Functions Virtualization (NFV). Her recent work on provenance analysis for NFV has been accepted by NDSS’22 (a top-tier, “Big 4” conference in security research, acceptance ratio 16.2%, as the only accepted work from Canada), and her work on provenance analysis in clouds has been published and selected as a best paper candidate at CNS’20. Her work has also led to a US patent application, and several demos and presentations given at major industrial events. During her master’s study, she worked as an Ericsson/Concordia Mitacs intern on cloud security auditing, and she has co-authored publications at prestigious venues such as ESORICS’19 and Journal of Computer Security. She has also served as a guest lecturer and teaching assistant for many cybersecurity classes and as a research mentor for several graduate students.
This talk is free and open to all