CSR: Small: Cloud Security on Demand

CSR：小：按需云安全

• 批准号: 1218817
• 负责人: Ruby Lee
• 金额: $ 50万
• 依托单位: Princeton University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1218817&HistoricalAwards=false
• 关键词: CSR; Small; Cloud; Security; Demand

Cloud computing provides many benefits including convenience, consolidation, compatibility, and cost-reduction. However, security is a major concern, since cloud resources are shared with other users who may be adversarial. The goal of this research is to define a framework for security-on-demand: cloud customers can request the security they need and cloud providers can map these security requests to the appropriate secure servers. Since customers have different security needs, a range of threat models is explored together with servers with different security capabilities. Research contributions include (1) new strategies for measuring cloud server security capabilities, and (2) new hardware-software mechanisms for collecting runtime trust evidence that a server is enforcing a customer's requested security policy. (3) Secure protocols are designed for collecting and reporting server security capabilities to cloud management software, as well as (4) a hardware-software security verification methodology to verify these protocols, using model checking and other tools. (5) Novel actionable models of cloud servers? security properties that can be matched to customers' requests are implemented by new trust monitoring and policy enforcement modules. Also, (6) hardware mechanisms and migration protocols for secure Virtual Machine migration to improve cloud security are designed. The broader impact of this work includes providing greater security in cloud computing for customers, allowing cloud providers to differentiate their offerings with security provisioning using different secure server architectures, enabling the specification and provisioning of customized and verifiable security, and providing a research platform for investigating secure hardware and software architecture in a cloud environment.

云计算提供了许多好处，包括便利、整合、兼容性和降低成本。 然而，安全性是一个主要问题，因为云资源是与可能存在敌意的其他用户共享的。 这项研究的目标是定义一个按需安全的框架：云客户可以请求他们需要的安全，云提供商可以将这些安全请求映射到适当的安全服务器。 由于客户有不同的安全需求，因此与具有不同安全能力的服务器一起探索一系列威胁模型。 研究贡献包括（1）用于衡量云服务器安全功能的新策略，以及（2）用于收集服务器正在执行客户请求的安全策略的运行时信任证据的新硬件软件机制。 (3) 安全协议旨在收集并向云管理软件报告服务器安全能力，以及 (4) 硬件-软件安全验证方法，使用模型检查和其他工具来验证这些协议。 (5) 云服务器新的可操作模型？可以与客户请求相匹配的安全属性是通过新的信任监控和策略执行模块来实现的。此外，(6)设计了用于安全虚拟机迁移的硬件机制和迁移协议，以提高云安全性。 这项工作的更广泛影响包括为客户提供更高的云计算安全性，允许云提供商使用不同的安全服务器架构通过安全配置来区分其产品，支持定制和可验证的安全性的规范和配置，并提供一个研究平台来调查云环境中的安全硬件和软件架构。