The goal of this NSF Frontier project is to develop methods for building information systems with meaningful multi-layered security guarantees. Arguably, reasoning about all the security aspects of systems “in one blow” is not feasible. The approach we take is thus modular: We aim at systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where security of the system as a whole can be derived from the security of its components.
We concentrate on building outsourced, cloud-based information services with client-centric security guarantees. Cloud computing is re-defining the structure, layering and compartmentalization of systems, networking and application software. Security-wise, this is both a challenge and an opportunity: On the one hand, previously trusted system functionalities are now performed by untrusted components, introducing a host of vulnerabilities. On the other hand, cloud computing provides opportunities to simplify, modularize and extend system components, thus enhancing the potential for more effective security analysis.
We address a diverse set of security challenges. These include the design of hardware with built-in secrecy and integrity properties; small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze; privacy-preserving and verifiable memory access for outsourced applications; security-preserving overlay and software-defined networks; and algorithms for privacy-preserving verifiable outsourced computations and database systems. Crucially, we combine all of these security mechanisms with their piecemeal analyses into a global security guarantee. Furthermore, the analysis is modular, allowing the substitution of components with others that provide potentially comparable guarantees based on different techniques and trust assumptions.
The research team comprises of experts in different aspects of information security and cryptography. The research is highly collaborative and pools together key areas of expertise in order to provide overall security guarantees. A key component of the project is the Massachusetts Open Cloud, which provides the research team with a test-bed for deploying and testing the developed mechanisms in a production cloud.
The project involves a significant outreach component with a number of goals. One goal is to introduce technology professionals to cybersecurity and its central role for our society and economy. Another goal is to introduce K-12 students to cybersecurity, and to computer science in general. Here we target students from under-represented minorities and students with exceptional academic potential. The program involves developing new curricula and reaching out to target groups.