CICI: Secure Data Architecture: CapNet: Secure Scientific Workloads with Capability Enabled Networks

CICI：安全数据架构：CapNet：通过能力支持的网络保护科学工作负载

• 批准号: 1547457
• 负责人: Jacobus VAN DER MERWE
• 金额: $ 50万
• 依托单位: University of Utah
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1547457&HistoricalAwards=false
• 关键词: CICI; Secure; Data; Architecture; CapNet

Modern scientific experiments have outgrown the capacity of a single lab. They require the storage and processing power of a datacenter, involve cross-institutional access to sensitive data, and span multiple domains of administrative trust. In such a setting, security is fragile. In the face of steady growth of sophisticated cyber-attack tools, modern server and desktop machines are fundamentally insecure. Over a hundred critical vulnerabilities that allow unrestricted access to the entire system are discovered in the Linux kernel each year. Lacking flexibility to express fine-grained access control policies, modern networks often give vulnerable hosts excessive or even unrestricted connectivity to the rest of the network. An exploit of any host enables attackers to explore, exploit and take control over an entire cyber facility. Without support from the network, scientific facilities will remain vulnerable. CapNet is a network architecture that enables secure, least privilege collaboration in the cross-institutional environment of a modern research facility. Building on the principles of capability access control, this research develops key elements needed to secure a network of a modern scientific infrastructure: 1) "off by default" behavior, with connectivity granted on as-needed basis; 2) mechanisms for decentralized, application-driven dynamic management of connectivity; and 3) a formal foundation enabling secure collaboration of fine-grained, dynamic, multi-institutional principals. The basis for CapNet's design is strong isolation of network activities with the mechanisms of software defined networks (SDN) and mediation of all communication between network hosts by a capability access control model. CapNet represents the network as an access control graph. Nodes are network hosts, edges (or "capabilities") are pointers to other hosts allowing communication and further exchange of rights. By controlling the initial distribution of capabilities and their flow, CapNet governs network interactions through fine-grained, application-driven policies that enable safe collaboration among multiple institutions and third-party services. Finally, while taking a holistic approach to network access control, CapNet remains practical: it retains compatibility with unmodified network network stacks, integrates with existing datacenter and cloud management stacks, enables incremental adoption, and is fast and scalable.

现代科学实验已经超出了单个实验室的能力。 它们需要数据中心的存储和处理能力，涉及对敏感数据的跨机构访问，并且跨越多个管理信任域。在这样的环境下，安全是脆弱的。面对复杂的网络攻击工具的稳定增长，现代服务器和台式机从根本上来说是不安全的。每年在 Linux 内核中都会发现一百多个允许不受限制地访问整个系统的严重漏洞。由于缺乏表达细粒度访问控制策略的灵活性，现代网络常常为易受攻击的主机提供过多甚至不受限制的与网络其余部分的连接。 对任何主机的利用使攻击者能够探索、利用和控制整个网络设施。如果没有网络的支持，科学设施将仍然脆弱。 CapNet 是一种网络架构，可在现代研究设施的跨机构环境中实现安全、最低权限的协作。基于能力访问控制的原则，本研究开发了保护现代科学基础设施网络所需的关键要素：1）“默认关闭”行为，根据需要授予连接； 2）去中心化、应用驱动的动态连接管理机制； 3) 一个正式的基础，能够实现细粒度、动态、多机构主体的安全协作。 CapNet 设计的基础是利用软件定义网络 (SDN) 机制对网络活动进行强隔离，并通过能力访问控制模型对网络主机之间的所有通信进行调解。 CapNet 将网络表示为访问控制图。节点是网络主机，边缘（或“功能”）是指向其他主机的指针，允许通信和进一步交换权利。 通过控制功能及其流程的初始分配，CapNet 通过细粒度、应用程序驱动的策略来管理网络交互，从而实现多个机构和第三方服务之间的安全协作。最后，在采用整体方法进行网络访问控制的同时，CapNet 仍然实用：它保留与未修改的网络网络堆栈的兼容性，与现有数据中心和云管理堆栈集成，支持增量采用，并且快速且可扩展。