CAREER: Infrastructure for Secure Cloud Computing

职业：安全云计算基础设施

• 批准号: 1558500
• 负责人: Thomas Ristenpart
• 金额: $ 38.52万
• 依托单位: Cornell University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-06-01 至 2019-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1558500&HistoricalAwards=false
• 关键词: CAREER; Infrastructure; Secure; Cloud; Computing

Infrastructure-as-a-service (IaaS) cloud computing systems are revolutionizing business, government, and science by providing easy access to scalable computing. These public services, as offered by Amazon, Google, Microsoft, and others, allow an arbitrary customer to rent, by the hour, the resources needed to run their applications within virtual machines (VMs) hosted on the provider?s compute infrastructure. With these new services, however, comes subtle new security issues. Prior work by the PI uncovered attacks that abuse two aspects unique to cloud computing: resource sharing among mutually distrustful customers and pricing that incentivizes malicious behavior. The proposed research is organized along the two themes of resource sharing and pricing. In the first theme, the work explores whether cryptographic side channel attacks and resource-freeing attacks pose serious threats to cloud customers and then develops new placement and CPU scheduling algorithms that realize the security principle of soft isolation: minimization of potentially dangerous cross-user scheduling interactions (e.g., sharing a server or CPU core). Within the second theme, the work explores the implications of fine-grained pricing mechanisms on security. This includes developing pricemarks (mechanisms for accurately determining the true costs of a cloud service), understanding customer-controlled placement gaming that exploits cloud performance heterogeneity, and explores pricing-based security mechanisms that, in conjunction with the aforementioned scheduling mechanisms, will degrade fiscal incentivizes for adversarial behavior. The impact of the proposed work will be deeper understanding of threats in cloud IaaS systems, new security design principles, deployable security technologies, and improvements in security education.

基础架构 - 服务（IAAS）云计算系统正在通过轻松访问可扩展计算来彻底改变业务，政府和科学。这些公共服务由亚马逊，Google，Microsoft和其他人提供，允许任意客户在一小时内租用在提供商计算基础架构上托管的虚拟机（VMS）中运行其应用所需的资源。 但是，随着这些新服务，带来了细微的新安全问题。 PI的先前工作发现了滥用云计算所独有的两个方面的攻击：互不信任的客户之间的资源共享，并定价激励恶意行为。拟议的研究是沿资源共享和定价的两个主题组织的。在第一个主题中，该作品探讨了加密侧渠道攻击和资源避免攻击是否对云客户构成严重威胁，然后开发新的位置和CPU调度算法，这些算法实现了软隔离的安全原则：最小化潜在危险危险的跨用户计划交互（例如，共享服务器或CPU核心）。 在第二个主题中，该作品探讨了细粒度定价机制对安全性的影响。这包括开发定价（用于准确确定云服务的真实成本的机制），了解利用云性能异质性的客户控制的放置游戏，并探索基于定价的安全机制，并结合上述时间表的调度机制激励对抗行为。拟议工作的影响将是对云IAAS系统，新的安全设计原则，可部署安全技术的威胁​​的更深入了解以及安全教育的改进。