Cloud computing, which has seen significant growth over the past decade, fundamentally relies on the sharing of hardware resources among users. This approach enhances resource utilization and reduces operational costs. However, it also enables unintended information leakage through hardware side channels. Despite the threat of side-channel attacks, cloud vendors remain skeptical about the practicality of these attacks in production cloud environments, leading to inadequate side-channel mitigations.

My PhD research focuses on exploring side-channel attacks in realistic cloud settings and developing comprehensive defenses across the computing stack. In this talk, I will first introduce a series of novel attack techniques that address practical challenges in conducting side-channel attacks in clouds. Using these techniques, I demonstrated an end-to-end, cross-tenant side-channel attack on Google Cloud. This demonstration was subsequently recognized by Google as a critical-level bug, prompting a review by their product team. In the second part of this talk, I will introduce Untangle, a novel framework for side-channel defense. Untangle is designed to quantify and reduce information leakage in defense schemes based on dynamic resource-partitioning. Untangle opens up a new defense paradigm that allows a controlled amount of information leakage in exchange for improved performance. To conclude, I will outline future research directions aimed at developing secure and efficient cloud systems resistant to side-channel attacks.