Dr. Marco Balduzzi (Senior Threat Researcher, Trend Micro)

PRESENTATION TITLE: SatanCloud: A Journey Into the Privacy and Security Risks of Cloud Computing

PRESENTATION ABSTRACT:

Cloud services such as Amazon’s EC2 and IBM SmartCloud allow users to create and share virtual images (AMIs) with other users. In addition to these user-shared images, the cloud providers also provide AMIs that have been preconfigured with popular software such as open source databases and web servers.

This talk explores both the privacy and the security risks associated with renting and using public AMIs from cloud computing providers. We will present SatanCloud, our automated system that we used to analyze and test over 5,000 server images provided by Amazon in its four data centers of US, Europe and Asia. From our analysis, we discovered that both the users and the providers of public AMIs are vulnerable to security risks such as data leakage, unauthorized access, malware infections, and loss of sensitive information.

ABOUT DR. MARCO BALDUZZI

Dr. Marco Balduzzi holds an MSc. in computer engineering from the university of Bergamo and a Ph.D. in applied IT security from Télécom ParisTech. He has been involved in IT security for 10 years with international experiences in both industrial and academic fields. He worked as security consultant and engineer for different companies in Milan, Munich and Sophia-Antipolis, before joining the International
Secure Systems Lab and then Trend Micro Inc. as senior security and threat researcher.

He attended well-known and high-profile conferences all over like BlackHat, Hack in the Box and Owasp AppSec, and his work has been acknowledged and published by important media such as Forbes, The Register, Slashdot, InfoWorld and DarkReading. Being a free software sympathizer, back in the year 2K he co-founded the Bergamo’s Linux User Group and then the University’s Laboratory of Applied Computing. In former times he was also member of different Italian hacking groups and maintainer of open-source projects.