TC: Medium: Collaborative Research: Towards Self-Protecting Data Centers: A Systematic Approach

TC：媒介：协作研究：迈向自我保护数据中心：系统方法

• 批准号: 0905131
• 负责人: Peng Liu
• 金额: $ 50万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905131&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Towards

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5). Data centers using virtual machine (VM) consolidation are taking over old computer rooms run by individual companies. However, consolidating services and resources does not consolidate security automatically. To meet the top two requirements for modern data centers, namely business continuity and information security, this research will take a systematic approach that leverages the emerging VM technologies to consolidate four areas of systems security research: redundancy, microscopic intrusion analysis and detection, automatic response, and diversity-driven protection. We will make innovative contributions on various aspects of security consolidation, including (1) An architecture and underlying techniques based on diversified replication towards defensive protection against unknown attacks; (2) Novel cross-layer and cross-VM methods for causal relation logging, event correlation, damage assessment, and forensics; (3) New intrusion detection techniques based on unique cross-VM-replica inconsistency checking techniques, and new cross-layer inconsistency checking methods; (4) A novel pipelining approach towards automated intrusion response; and (5) New techniques for on-the-fly data center intrusion confinement and recovery. Our research will result in significant advances in helping mission/life/business critical applications and information systems reduce risk, increase business continuity, and deliver data assurance in the presence of severe cyber attacks. Broader impact will also result from the education, outreach, and dissemination initiatives. Educational resources from this project, including course modules and teaching laboratory designs, will be disseminated through a dedicated Website. Key Words: self-protection; recovery; virtual machine monitor; causal relations; availability

该奖项是根据2009年美国复苏和再投资法案（公法111-5）资助的。使用虚拟机（VM）整合的数据中心正在取代由单个公司运营的旧机房。但是，合并业务和资源并不会自动合并安全性。为了满足现代数据中心的两大需求，即业务连续性和信息安全，本研究将采用系统的方法，利用新兴的虚拟机技术，整合系统安全研究的四个领域：冗余、微观入侵分析和检测、自动响应和多样性驱动保护。我们将在安全整合的各个方面做出创新贡献，包括：(1)基于多样化复制的防御未知攻击的体系结构和底层技术；(2)基于因果关系记录、事件关联、损害评估和取证的跨层、跨虚拟机新方法；(3)基于独特的跨虚拟机副本不一致检测技术的入侵检测新技术，以及新的跨层不一致检测方法；(4)一种新的自动化入侵响应管道方法；(5)动态数据中心入侵约束与恢复新技术。我们的研究将在帮助任务/生活/业务关键应用程序和信息系统降低风险，提高业务连续性，并在存在严重网络攻击时提供数据保障方面取得重大进展。教育、外联和传播活动也将产生更广泛的影响。该项目的教育资源，包括课程模块和教学实验室设计，将通过一个专门的网站发布。关键词：自我保护；复苏;虚拟机监控；因果关系;可用性