CT-ISG: Trusted Passages: Managing Distributed Trust to Meet the Needs of Emerging Applications

CT-ISG：可信通道：管理分布式信任以满足新兴应用程序的需求

• 批准号: 0627430
• 负责人: Mustaque Ahamad
• 金额: $ 35万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627430&HistoricalAwards=false
• 关键词: CT; ISG; Trusted; Passages; Managing

AbstractPI: Ahamad; CoPIs: Lee and SchwanCritical applications that range from operational information systems used ingovernment and commercial settings to those that run daily e-commerceweb services rely on distributed computing systems to produce, process, and disseminate information in a trustworthy fashion. Attacks on such applications and the underlying infrastructure can severely limittheir ability to meet end-user needs. The inherent complexity of applications,technologies, and platforms in today's large scale distributed systems makes it extremely challenging to create services that can continue to behave ina trustworthy manner in the presence of attacks. In this research project, a new approach is proposed to meet the trust needs of applications by integrating modern system virtualization techniques with new methods for runtime trust monitoring and assessment. This approach dynamically creates and maintains an abstraction called a trusted passage that encapsulates processing, storage and communication resources required by an application. Such resources exist across distributed and potentially untrusted execution platforms. Trust controllers, which monitor application execution, determine at runtime when some resources associated with a trusted passages may have become compromised and need to be replaced by others. Trusted passages leverage new capabilities soon to be part of most, if not all, computational and network platforms. Thus, even with an insecure Internet, our goal is to continually assess the distributed computational platforms being used by applications, and based on that information, provide trustedservices to critical applications. This research fosters close collaboration among security and systems researchers and strengthens ongoing interactions with multiple industry research partners.

摘要PI：Ahamad; CoPI：Lee和SchwanCritical应用程序的范围从政府和商业环境中使用的操作信息系统到运行日常电子商务网络服务的应用程序，都依赖于分布式计算系统以可信的方式生产，处理和传播信息。对这些应用程序和底层基础设施的攻击可能会严重限制它们满足最终用户需求的能力。在当今的大规模分布式系统中，应用程序、技术和平台的固有复杂性使得创建能够在存在攻击的情况下继续以值得信赖的方式运行的服务极具挑战性。在这个研究项目中，提出了一种新的方法来满足应用程序的信任需求，通过集成现代系统虚拟化技术与运行时信任监控和评估的新方法。这种方法动态地创建和维护一个称为可信通道的抽象，它封装了应用程序所需的处理、存储和通信资源。这些资源存在于分布式和潜在不可信的执行平台上。监控应用程序执行的信任控制器在运行时确定与受信任通道相关联的一些资源何时可能已被危及并且需要被其他资源替换。可信通道利用了即将成为大多数（如果不是全部）计算和网络平台的一部分的新功能。因此，即使在不安全的互联网上，我们的目标是不断评估应用程序使用的分布式计算平台，并根据这些信息，为关键应用程序提供可信服务。这项研究促进了安全和系统研究人员之间的密切合作，并加强了与多个行业研究合作伙伴的持续互动。