The Massachusetts Open Cloud (MOC), a one-of-a-kind marketplace model for customizable public cloud offerings now being built a team of researchers from BU and several other universities, may soon claim another first: a modular cybersecurity system built from smaller, separate functional components, each asserting its own security individually. As a result, the security of the system as a whole will be derived from the security of its components, rather than from a single firewall, as is currently the case with most cloud systems.
The cutting-edge approach will be designed by researchers from Boston University, MIT, the University of Connecticut, and Northeastern University with funding from a five-year, $10 million Frontier grant from the National Science Foundation, $5.3 million of which will go to BU. The effort, known as the Modular Approach to Cloud Security (MACS), will be led by Ran Canetti, professor of computer science at the College of Arts & Sciences and director of the BU Center for Reliable Information Systems and Cyber Security.
“Our goal is to build a cloud with clear and transparent security properties,” says Canetti. “If successful, this project will transform the way we currently build and argue about secure systems.” Canetti says the goal involves more than developing hardware and software: it depends on understanding new ideas. Still, he says “we hope to build an actual system.”
Azer Bestavros, a CAS professor of computer science and the founding director of the Rafik B. Hariri Institute for Computing and Computational Science & Engineering, says that, to date, people have talked about modular security in a theoretical sense, but making it a practical reality remains “a dream.”
“The problem with typical security on a cloud is that there is no way to check everything,” says Bestavros. “The systems are too big, and there are too many different technologies. Trying to secure the whole thing is a lost cause.”
To understand the MACS modular approach, says Bestavros, imagine making a house secure by securing every room and then combining all of the secure pieces. “It’s a very difficult problem,” he says. “We hope to take it from theory to practice in a real cloud.”
Among the many challenges and needs presented by the project are hardware with built-in secrecy and integrity properties; small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze; privacy-preserving and verifiable memory access for outsourced applications; and algorithms for privacy-preserving, verifiable outsourced computations and database systems.
In addition to Canetti and Bestavros, the BU team working on the project includes Jonathan Appavoo, assistant professor of computer science at CAS; Sharon Goldberg, assistant professor of computer science at CAS and Hariri Institute Junior Faculty Fellow; George Kollios, professor of computer science at CAS; and Orran Krieger, a research professor in the department of computer science and Director of the Hariri Institute’s Cloud Computing Initiative.
The MACS project will use as a test bed the Massachusetts Open Cloud now being built in a collaborative effort by researchers from BU, Harvard, UMass Amherst, MIT, and Northeastern University, as well as the Massachusetts Green High-Performance Computing Center (MGHPCC) and Oak Ridge National Laboratory (ORNL). Software developers will interpret early research results and code them into a privacy-preserving solution to allow users of the MOC to share systems data, a capability that will offer more choices for researchers conducting experiments on cloud computing and allow them to build high-performance systems at a fraction of the current cost
Bestavros says BU’s work on MOC helped the University win the latest Frontier award from the NSF. “That kind of work enables us to be competitive for things like this,” says Bestavros. “It really puts BU in the leadership of computing research.”
The MACS project includes an education component, which offers programs that familiarize technology professionals with cybersecurity and its central role in our society and economy. It will also support new programs that will introduce K–12 students to cybersecurity and to computer science more broadly. The K–12 program will target students from demographic groups that are under-represented in the sciences as well as students with exceptional academic potential.