CICI: Secure Data Architecture: CapNet: Secure Scientific Workloads with Capability Enabled Networks

CICI：安全数据架构：CapNet：通过能力支持的网络保护科学工作负载

• 批准号: 1547457
• 负责人: Jacobus VAN DER MERWE
• 金额: $ 50万
• 依托单位: University of Utah
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1547457&HistoricalAwards=false
• 关键词: CICI; Secure; Data; Architecture; CapNet

Modern scientific experiments have outgrown the capacity of a single lab. They require the storage and processing power of a datacenter, involve cross-institutional access to sensitive data, and span multiple domains of administrative trust. In such a setting, security is fragile. In the face of steady growth of sophisticated cyber-attack tools, modern server and desktop machines are fundamentally insecure. Over a hundred critical vulnerabilities that allow unrestricted access to the entire system are discovered in the Linux kernel each year. Lacking flexibility to express fine-grained access control policies, modern networks often give vulnerable hosts excessive or even unrestricted connectivity to the rest of the network. An exploit of any host enables attackers to explore, exploit and take control over an entire cyber facility. Without support from the network, scientific facilities will remain vulnerable. CapNet is a network architecture that enables secure, least privilege collaboration in the cross-institutional environment of a modern research facility. Building on the principles of capability access control, this research develops key elements needed to secure a network of a modern scientific infrastructure: 1) "off by default" behavior, with connectivity granted on as-needed basis; 2) mechanisms for decentralized, application-driven dynamic management of connectivity; and 3) a formal foundation enabling secure collaboration of fine-grained, dynamic, multi-institutional principals. The basis for CapNet's design is strong isolation of network activities with the mechanisms of software defined networks (SDN) and mediation of all communication between network hosts by a capability access control model. CapNet represents the network as an access control graph. Nodes are network hosts, edges (or "capabilities") are pointers to other hosts allowing communication and further exchange of rights. By controlling the initial distribution of capabilities and their flow, CapNet governs network interactions through fine-grained, application-driven policies that enable safe collaboration among multiple institutions and third-party services. Finally, while taking a holistic approach to network access control, CapNet remains practical: it retains compatibility with unmodified network network stacks, integrates with existing datacenter and cloud management stacks, enables incremental adoption, and is fast and scalable.

现代科学实验已经超过了一个实验室的能力。 他们需要数据中心的存储和处理能力，涉及跨机构访问敏感数据，并跨越管理信任的多个领域。在这种情况下，安全性是脆弱的。面对复杂的网络攻击工具的稳定增长，现代服务器和台式机从根本上是不安全的。每年在Linux内核中发现了一百多个允许无限制访问整个系统的关键漏洞。缺乏表达细粒度访问控制策略的灵活性，现代网络通常会使弱势宿主与网络其余部分过度甚至不受限制地连接。 对任何主机的利用使攻击者能够探索，利用和控制整个网络设施。没有网络的支持，科学设施将保持脆弱。 CAPNET是一种网络体系结构，可以在现代研究机构的跨机构环境中实现安全，最少的特权协作。基于能力访问控制的原则，这项研究开发了确保现代科学基础设施网络所需的关键要素：1）“默认情况下”行为，并在需要的基础上授予了连接性； 2）用于分散，应用程序驱动的连接动态管理的机制； 3）正式的基金会，实现了精细元素，动态，多机构的原理的安全合作。 CAPNET设计的基础是通过软件定义网络（SDN）的机制强烈隔离网络活动，以及通过功能访问控制模型对网络主机之间所有通信的调解。 CAPNET将网络表示为访问控制图。节点是网络主机，边缘（或“功能”）是其他主机的指示，允许沟通和进一步交流权利。 通过控制功能及其流的初始分布，CAPNET通过精细的，以应用程序驱动的策略来控制网络交互，这些策略可以在多个机构和第三方服务之间进行安全的协作。最后，在采用整体方法来进行网络访问控制时，CAPNET仍然是实用的：它保留了与未修改的网络网络堆栈的兼容性，与现有数据中心和云管理堆栈集成，启用增量采用，并且可以快速且可扩展。