Over the past decade, networked systems have consolidated under just a handful of hyperscale cloud providers (e.g., AWS, Azure). While this offers logistical and economic advantages, attackers specifically target providers and their customers, a shift that has left traditional network vantage points blind to the most sophisticated adversaries. In this talk, I’ll explore how we adapt Internet measurement to these new deployment models to regain situational awareness and defend modern service deployments. I’ll introduce DScope, a new Internet telescope that continuously relocates its vantage point across public cloud infrastructure. Unlike prior approaches that use a fixed vantage point, this allows us to observe the most sophisticated attackers that actively avoid existing measurement infrastructure. Our dynamic approach also achieves a statistically representative view of cloud-based attacks, a property that we prove for the first time.

Using data from DScope, I’ll also discuss how the shared networking environment of public clouds leads to new vulnerabilities. We’ll examine the problem of latent configuration, which occurs when cloud customers reference network resources that are then reused by other tenants. This new security risk is uniquely enabled by public clouds, but through rigorous analysis and systems design we can make cloud deployments more secure in practice. I’ll conclude by discussing open problems and future work in leveraging Internet vantage points for security, with a focus on intelligent interactivity and rapid response to emergent threats.