TWC: Small: Auditing PII in the Cloud with CloudFence

TWC：小型：使用 CloudFence 审核云中的 PII

• 批准号: 1222748
• 负责人: Angelos Keromytis
• 金额: $ 50万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1222748&HistoricalAwards=false
• 关键词: TWC; Small; Auditing; PII; Cloud

This project will investigate, prototype and evaluate CloudFence, a proposed framework that allows users to independently audit the treatment of their private data by third-party online services, through the intervention of the cloud provides hosting said services. Specifically, the PI will investigate, novel techniques for conducting fine-grained tracking of ``information of interest'' (as defined by the user of the cloud service, in a flexible, context-sensitive manner) toward (a) providing increased transparency to end users of the handling of their information by the cloud, and (b) enabling the periodic (or even continuous) auditing of said handling, either by the user or an agent acting on her behalf. The underlying hypothesis is that it is possible to create a general-purpose, application-agnostic information tracking mechanism across the cloud that can operate on both legacy and newly developed applications, such that users can leverage their trust on the infrastructure provider without imposing unreasonable constraints on said provider (e.g., not requiring manual inspection of applications). The project will take a systems approach, aiming to demonstrate the feasibility, effectiveness, and limitations of CloudFence by applying it to real problems encountered in managing the cloud computing infrastructure of the PI's department; a significant part of the effort will go toward system evaluation. Tangible results of the effort include (a) a new architectural framework for information auditing in a cloud environment, (b) software prototypes demonstrating the concepts, (c) conference and journal publications and reports, and (d) a network security lab focusing on cloud and web security.

该项目将调查、原型化和评估 CloudFence，这是一个拟议的框架，允许用户通过云提供托管服务的干预来独立审核第三方在线服务对其私人数据的处理。具体来说，PI 将研究用于对“感兴趣的信息”（由云服务用户以灵活、上下文敏感的方式定义）进行细粒度跟踪的新技术，以实现 (a) 提供更高的透明度向最终用户告知云处理其信息的情况，以及 (b) 由用户或代表她的代理对所述处理进行定期（甚至连续）审核。基本假设是，可以在云中创建一个通用的、与应用程序无关的信息跟踪机制，该机制可以在遗留应用程序和新开发的应用程序上运行，这样用户就可以利用他们对基础设施提供商的信任，而无需施加不合理的限制关于所述提供商（例如，不需要手动检查应用程序）。该项目将采用系统方法，旨在通过将CloudFence应用于管理PI部门云计算基础设施时遇到的实际问题来展示CloudFence的可行性、有效性和局限性；很大一部分工作将用于系统评估。这项工作的具体成果包括（a）云环境中信息审计的新架构框架，（b）演示概念的软件原型，（c）会议和期刊出版物和报告，以及（d）专注于云和网络安全。