TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

TWC：TTP 选项：前沿：协作：MACS：云安全的模块化方法

• 批准号: 1413920
• 负责人: Srini Devadas
• 金额: $ 320万
• 依托单位: Massachusetts Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1413920&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Frontier; Collaborative

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees. The MACS project addresses a diverse set of security challenges. These include the design of hardware with built-in secrecy and integrity properties, small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze, privacy-preserving and verifiable memory access for outsourced applications, security-preserving overlay and software-defined networks, and algorithms for privacy-preserving verifiable outsourced computations and database systems. Crucially, we combine all of these security mechanisms with their piecemeal analyses into a global security guarantee. Furthermore, the analysis is modular, allowing the substitution of components with others that provide potentially comparable guarantees based on different techniques and trust assumptions. The research team comprises experts in different aspects of information security and cryptography. The research is highly collaborative and pools together key areas of expertise in order to provide overall security guarantees. A key component of the project is the Massachusetts Open Cloud, which provides the research team with a test-bed for deploying and testing the developed mechanisms in a production cloud. The project involves a significant outreach component with a number of goals. One goal is to introduce technology professionals to cybersecurity and its central role for our society and economy. Another goal is to introduce K-12 students to cybersecurity, and through it to computer science in general. The program targets students from both under-represented minorities and students with exceptional academic potential.

模块化云安全性方法（MAC）项目的目标是开发具有有意义的多层安全保证的信息系统的方法。 MAC的模块化方法集中于由较小和可分开的功能组件构建的系统，其中每个组件的安全性单独断言，并且整个系统的安全性可以从其组件的安全性中得出。该项目集中于构建以客户为中心的安全保证的外包，基于云的信息服务。 MACS项目应对各种安全挑战。其中包括具有内置保密和完整性属性的硬件设计，这些功能的小型且多功能的操作系统可提供最小的功能，但更容易分析，更容易分析外包应用程序，安全性和可验证的内存访问，安全性叠加叠加层和软件 - 定义的网络和算法，用于保护隐私的可验证外包计算和数据库系统。至关重要的是，我们将所有这些安全机制及其零星分析结合在一起，成为全球安全保证。此外，该分析是模块化的，允许与其他人替代基于不同技术和信任假设的其他可比较保证的组件。 研究团队包括在信息安全和密码学的不同方面的专家。这项研究是高度协作的，并将关键的专业知识汇总在一起，以提供整体安全保证。该项目的关键组成部分是马萨诸塞州的开放云，该云为研究团队提供了一个测试床，用于部署和测试生产云中开发机制。该项目涉及具有许多目标的重要外展部分。一个目标是向技术专业人员介绍网络安全及其对我们社会和经济的核心作用。另一个目标是向K-12学生介绍网络安全，并通过它通往计算机科学。该计划的目标是来自代表性不足的少数群体和具有卓越学术潜力的学生。

项目成果

Notary: a device for secure transaction approval

• DOI: 10.1145/3341301.3359661
• 发表时间: 2019-10
• 期刊: Proceedings of the 27th ACM Symposium on Operating Systems Principles
• 作者: Anish Athalye;A. Belay;M. Kaashoek;R. Morris;Nickolai Zeldovich