TC: Small: Towards Customer-Centric Utility Computing

Award #: 1117692
Amount Awarded: $488,024
Sponsoring Organization: NSF (CNS)
Grant Period: 09/2011-08/2014
Primary Investigator(s): Trent Jaeger

Abstract

In this project, we are exploring the association between computing tasks (jobs) and the computing resources assigned to run those jobs to improve the ability to deploy tasks to satisfy security requirements. Historically, the owners of the computing tasks also owned their computing resources, so they configured their resources to run their tasks efficiently and securely. However, configuring tasks to run securely has become so complex that the key knowledge is now distributed among several parties: cloud vendors configure host systems, OS distributors configure cloud instances, customers configure their application programs and network policies. The goal is to be able to collect this expertise into a single model to reason about how to deploy computing tasks to satisfy their security requirements. To do this, we are integrating the myriad of integrity measurement mechanisms into a comprehensive integrity measurement framework to enable reasoning about the satisfaction of a computing task's data security from installation to completion. Using this model, we are building a customer-centric utility computing service to choose an assignment of resources for computing tasks that satisfies data security requirements. When a customer deploys a computing task via such a service, the service will construct integrity-verified channels to her running jobs, which are secure communication channels that guarantee that the data sender adheres to a data security policy. Using such services, customers will be able to deploy computing jobs among cloud resources managed by several parties, while assuring that their data security requirements are satisfied automatically.

Related Research Projects

Related Publications