CSR: Medium: Security and Isolation in the Era of Microservices

CSR：中：微服务时代的安全与隔离

基本信息

批准号：
2203152
负责人：
Aditya Akella
金额：
$ 120万
依托单位：
University of Texas at Austin
依托单位国家：
美国
项目类别：
Continuing Grant
财政年份：
2021
资助国家：
美国
起止时间：
2021-10-01 至 2024-07-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2203152&HistoricalAwards=false
关键词：
CSR Medium Security Isolation Era

项目摘要

Years ago, applications such as news, e-commerce, or banking websites ran on computers deployed at organizations owning them. Today, with the advent of "cloud computing", such applications instead run in a far-away server farm operated by third-parties. Because the computers are shared by many applications, it is crucial to ensure that one application in the cloud, such as a news website, does not compromise the confidentiality or integrity of another application (e.g., a banking website) running on the same set of computers. The goal of this project is to develop systems that ensure cloud applications are suitably protected without sacrificing their performance and ability to grow/shrink. This goal will be realized by developing two core building blocks to achieve optimal trade-offs between isolation and performance/agility. The first is variable isolation, where we automatically determine the least privilege and best isolation techniques needed for components of an application, and deploy the highest (weakest) isolation where needed most (least). The second is isolation-aware replication, where tenants selectively replicate their compute and storage within higher-isolation sandboxes. Finally, the project will develop new programming models for correct distributed execution of microservices-based applications.The research, if successful, will improve both the performance and the security posture of cloud-based applications. Research outcomes of the project, including the experimental harnesses and datasets, will be released open-source, enabling others in research and industry to directly build on them. The project will lead to the development of new courses and boot camps that focus on microservices, lambda-style computation, and isolation. The course/boot camp material will be made publicly available. The project aims to integrate the research into outreach efforts aimed at women, under-represented minorities, non-traditional students, and high school students.The project and its research artifacts will be hosted at https://bitbucket.org/uw-madison-networking-research/isolation. This site will include research publications, software, datasets, presentations, and tutorials. This site will be kept up to date for the entire duration of the project and for 2-3 years immediately following the project's culmination.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

多年前，新闻、电子商务或银行网站等应用程序运行在部署在拥有这些应用程序的组织的计算机上。如今，随着“云计算”的出现，此类应用程序改为在第三方运营的远程服务器场中运行。由于计算机由许多应用程序共享，因此确保云中的一个应用程序（例如新闻网站）不会损害在同一组计算机上运行的另一个应用程序（例如银行网站）的机密性或完整性至关重要。电脑。该项目的目标是开发系统，确保云应用程序得到适当的保护，而不牺牲其性能和增长/收缩的能力。这一目标将通过开发两个核心构建模块来实现，以实现隔离性和性能/敏捷性之间的最佳权衡。第一个是变量隔离，我们自动确定应用程序组件所需的最低权限和最佳隔离技术，并在最需要（最少）的地方部署最高（最弱）的隔离。第二个是隔离感知复制，租户有选择地在更高隔离度的沙箱中复制其计算和存储。最后，该项目将开发新的编程模型，以正确分布式执行基于微服务的应用程序。该研究如果成功，将提高基于云的应用程序的性能和安全状况。该项目的研究成果，包括实验工具和数据集，将开源发布，使研究和工业界的其他人能够直接在其基础上进行构建。该项目将导致新课程和训练营的开发，重点关注微服务、lambda 式计算和隔离。课程/训练营材料将公开。该项目旨在将研究整合到针对女性、代表性不足的少数族裔、非传统学生和高中生的推广工作中。该项目及其研究成果将托管在 https://bitbucket.org/uw-madison -网络研究/隔离。该网站将包括研究出版物、软件、数据集、演示文稿和教程。该网站将在整个项目期间以及项目结束后的 2-3 年内保持最新状态。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响进行评估，被认为值得支持审查标准。