Emergency BU Alert Boston University's Charles River and Medical Center Campuses will be closed all day Tuesday, January 27, 2015. When classes resume, they will resume on the regular class schedule. Whether or how classes are to be made up is at the discretion of the faculty member. Please note: Employees in essential services must report as scheduled. Essential services include, but are not limited to, University Police, Public Safety, Emergency Patient Treatment, Facilities Management and Planning, Environmental Health & Safety, University Dining Services, Mail Services, Student Health Services, Occupational and Environmental Medicine and the University Switchboard. For the very latest information, please go to BU Today at http://www.bu.edu/today and the Emergency Communications page at http://www.bu.edu/ehs/comm

BU Today

Science & Tech

Securing the Cloud

BU researchers on team to move cybersecurity from theory to practice

2
Ran Canetti, Director, Boston University Center for Reliable Information Systems and Cyber Security, Massachusetts Open Cloud, MOC, Modular Approach to Cloud Security, MACS

Ran Canetti, director of the BU Center for Reliable Information Systems and Cyber Security, will lead the effort to build a modular cybersecurity system for the Massachusetts Open Cloud. Photo courtesy of the BU Department of Computer Science

The Massachusetts Open Cloud (MOC), a one-of-a-kind marketplace model for customizable public cloud offerings now being built a team of researchers from BU and several other universities, may soon claim another first: a modular cybersecurity system built from smaller, separate functional components, each asserting its own security individually. As a result, the security of the system as a whole will be derived from the security of its components, rather than from a single firewall, as is currently the case with most cloud systems.

The cutting-edge approach will be designed by researchers from Boston University, MIT, the University of Connecticut, and Northeastern University with funding from a five-year, $10 million Frontier grant from the National Science Foundation, $5.3 million of which will go to BU. The effort, known as the Modular Approach to Cloud Security (MACS), will be led by Ran Canetti, professor of computer science at the College of Arts & Sciences and director of the BU Center for Reliable Information Systems and Cyber Security.

“Our goal is to build a cloud with clear and transparent security properties,” says Canetti. “If successful, this project will transform the way we currently build and argue about secure systems.” Canetti says the goal involves more than developing hardware and software: it depends on understanding new ideas. Still, he says “we hope to build an actual system.”

Azer Bestavros, a CAS professor of computer science and the founding director of the Rafik B. Hariri Institute for Computing and Computational Science & Engineering, says that, to date, people have talked about modular security in a theoretical sense, but making it a practical reality remains “a dream.”

“The problem with typical security on a cloud is that there is no way to check everything,” says Bestavros. “The systems are too big, and there are too many different technologies. Trying to secure the whole thing is a lost cause.”

To understand the MACS modular approach, says Bestavros, imagine making a house secure by securing every room and then combining all of the secure pieces. “It’s a very difficult problem,” he says. “We hope to take it from theory to practice in a real cloud.”

Among the many challenges and needs presented by the project are hardware with built-in secrecy and integrity properties; small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze; privacy-preserving and verifiable memory access for outsourced applications; and algorithms for privacy-preserving, verifiable outsourced computations and database systems.

In addition to Canetti and Bestavros, the BU team working on the project includes Jonathan Appavoo, assistant professor of computer science at CAS; Sharon Goldberg, assistant professor of computer science at CAS and Hariri Institute Junior Faculty Fellow; George Kollios, professor of computer science at CAS; and Orran Krieger, a research professor in the department of computer science and Director of the Hariri Institute’s Cloud Computing Initiative.

Massachusetts Green High Performance Computing Center, MGHPCC, Massachusetts Open Cloud, MOC

The MACS project will use as a test bed the Massachusetts Open Cloud (MOC), now being built at the Massachusetts Green High Performance Computing Center in a collaborative effort by researchers from BU, Harvard, UMass Amherst, MIT, and Northeastern University. Photo by Cydney Scott

The MACS project will use as a test bed the Massachusetts Open Cloud now being built in a collaborative effort by researchers from BU, Harvard, UMass Amherst, MIT, and Northeastern University, as well as the Massachusetts Green High-Performance Computing Center (MGHPCC) and Oak Ridge National Laboratory (ORNL). Software developers will interpret early research results and code them into a privacy-preserving solution to allow users of the MOC to share systems data, a capability that will offer more choices for researchers conducting experiments on cloud computing and allow them to build high-performance systems at a fraction of the current cost

Bestavros says BU’s work on MOC helped the University win the latest Frontier award from the NSF. “That kind of work enables us to be competitive for things like this,” says Bestavros. “It really puts BU in the leadership of computing research.”

The MACS project includes an education component, which offers programs that familiarize technology professionals with cybersecurity and its central role in our society and economy. It will also support new programs that will introduce K–12 students to cybersecurity and to computer science more broadly. The K–12 program will target students from demographic groups that are under-represented in the sciences as well as students with exceptional academic potential.

2 Comments
Art Jahnke

Art Jahnke can be reached at jahnke@bu.edu.

2 Comments on Securing the Cloud

  • Just another BU parent on 08.01.2014 at 11:53 am

    How does one verify mathematically verify whether the cloud has “transparent security properties”?
    I would think that would be a fundamental question for a computer scientist!

    • Azer Bestavros on 08.02.2014 at 7:38 pm

      Great question! It is not clear that transparency can be mathematically “proven” but at least through the use of open-source code base and the use of various technologies (such as TPM platforms) it is possible to build trust in the hardware/software infrastructure that make up the “cloud”.

Post Your Comment

(never shown)