SDI-CSCS: Collaborative Research: S2OS Enabling Infrastructure-Wide Programmable Security with SDI

SDI-CSCS：协作研究：S2OS 通过 SDI 实现基础设施范围内的可编程安全性

• 批准号: 1834216
• 负责人: Zhiqiang Lin
• 金额: $ 39.34万
• 依托单位: Ohio State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-01-01 至 2022-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1834216&HistoricalAwards=false
• 关键词: SDI; CSCS; Collaborative; Research; S2OS

Traditionally, many of our critical systems have been developed with security as a reactive add-on, rather than a by default design. As a result, existing security mechanisms are often fragmented, hard to configure or verify, which makes it difficult to defend against various cyber attacks. This project will build the "holy grail" for enterprise/cloud/data-center security management with software-defined infrastructure (SDI): a unified framework for security and management of disparate resources, ranging from processes to storage to networking. Cloud computing is now an essential part of our national cyberinfrastructure; the proposed work will lower the total cost of ownership for clouds - further unlocking economic and environmental benefits - as well as improving the security of today's clouds.This project proposes S2OS (SDI-defined Security Operating System), which abstracts security capabilities and primitives at both the host Operating System (OS) and network levels and offers an easy-to-use and programmable security model for monitoring and dynamically securing applications. This project will explore new techniques to transparently compose software into a unified enterprise, even if the individual pieces were never explicitly designed to inter-operate, similar in a way a traditional operating system managing various hardware resources for upper-layer user applications. Further, this project will contribute new ways to leverage global information for making effective local security management decisions. Finally, this project enables new innovations in programming dynamic, host-network coordinated, and intelligent security applications to protect the entire infrastructure.This project will make significant contributions to how enterprise, data centers and cloud computing are securely built and managed. The project's PIs will engage in educational and outreach activities to train the next generation talent. In particular, the PIs plan to integrate the interdisciplinary research ideas into courses spanning networking, systems and security. The project will also actively encourage participation from underrepresented groups and transfer technology to industry partners.

传统上，我们的许多关键系统都是用安全性作为一个反应性附加组件开发的，而不是默认的设计。结果，现有的安全机制通常是分散的，难以配置或验证，这使得很难防御各种网络攻击。该项目将使用软件定义的基础架构（SDI）构建用于企业/云/数据中心安全管理的“圣杯”：一个统一的安全和不同资源管理框架，从流程到存储到网络，范围从流程到网络。云计算现在是我们国家网络基础设施的重要组成部分。拟议的工作将降低云的总拥有成本 - 进一步释放经济和环境收益 - 以及改善当今云的安全性。本项目提出了S2OS（SDI定义的安全操作系统），从而使安全能力和原始功能和原始措施在主机操作系统（OS）和网络级别上都提供了易于使用的安全性，并提供了一种易于使用和程序，并提供了一个易于使用和程序，以监视和程序化的模型。该项目将探索新的技术，以将软件透明地构成统一的企业，即使单个部件从未明确设计为相互互动的，以一种传统的操作系统管理各种硬件资源用于上层用户应用程序。此外，该项目将贡献新的方式来利用全球信息来做出有效的本地安全管理决策。最后，该项目可以在编程动态，主机网络协调和智能安全应用程序中进行新的创新，以保护整个基础架构。此项目将对企业，数据中心和云计算的构建和管理如何为企业，数据中心和云计算做出重大贡献。该项目的PI将从事教育和外展活动，以培训下一代人才。特别是，PIS计划将跨学科研究思想整合到涵盖网络，系统和安全性的课程中。该项目还将积极鼓励代表性不足的群体和将技术转移给行业合作伙伴的参与。

项目成果

Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries

• 发表时间: 2019
• 作者: Wubing Wang;Yinqian Zhang;Zhiqiang Lin

Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps

• DOI: 10.1145/3319535.3354240
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Chaoshun Zuo;Haohuang Wen;Zhiqiang Lin;Yinqian Zhang

Exploiting Unprotected I/O Operations in AMD's Secure Encrypted Virtualization

• 发表时间: 2019
• 作者: Mengyuan Li;Yinqian Zhang;Zhiqiang Lin;Yan Solihin

A Measurement Study of Wechat Mini-Apps

• DOI: 10.1145/3460081
• 发表时间: 2021-06
• 期刊: Proceedings of the ACM on Measurement and Analysis of Computing Systems
• 作者: Yue Zhang;Bayan Turkistani;A. Yang;Chaoshun Zuo;Zhiqiang Lin

Towards Memory Safe Enclave Programming with Rust-SGX

• DOI: 10.1145/3319535.3354241
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Huibo Wang;Pei Wang;Yu Ding;Mingshen Sun;Yiming Jing;Ran Duan;Long Li;Yulong Zhang;Tao W