TC: Medium: Collaborative Research: Towards Self-Protecting Data Centers: A Systematic Approach

TC：媒介：协作研究：迈向自我保护数据中心：系统方法

• 批准号: 0905131
• 负责人: Peng Liu
• 金额: $ 50万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905131&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Towards

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5). Data centers using virtual machine (VM) consolidation are taking over old computer rooms run by individual companies. However, consolidating services and resources does not consolidate security automatically. To meet the top two requirements for modern data centers, namely business continuity and information security, this research will take a systematic approach that leverages the emerging VM technologies to consolidate four areas of systems security research: redundancy, microscopic intrusion analysis and detection, automatic response, and diversity-driven protection. We will make innovative contributions on various aspects of security consolidation, including (1) An architecture and underlying techniques based on diversified replication towards defensive protection against unknown attacks; (2) Novel cross-layer and cross-VM methods for causal relation logging, event correlation, damage assessment, and forensics; (3) New intrusion detection techniques based on unique cross-VM-replica inconsistency checking techniques, and new cross-layer inconsistency checking methods; (4) A novel pipelining approach towards automated intrusion response; and (5) New techniques for on-the-fly data center intrusion confinement and recovery. Our research will result in significant advances in helping mission/life/business critical applications and information systems reduce risk, increase business continuity, and deliver data assurance in the presence of severe cyber attacks. Broader impact will also result from the education, outreach, and dissemination initiatives. Educational resources from this project, including course modules and teaching laboratory designs, will be disseminated through a dedicated Website. Key Words: self-protection; recovery; virtual machine monitor; causal relations; availability

该奖项是根据2009年美国复苏和再投资法案（公法111-5）资助的。使用虚拟机（VM）整合的数据中心正在接管由个别公司运营的旧机房。但是，整合服务和资源不会自动整合安全性。为了满足现代数据中心的两大需求，即业务连续性和信息安全性，本研究将采取系统化的方法，利用新兴的虚拟机技术来整合系统安全研究的四个领域：冗余，微观入侵分析和检测，自动响应和多样性驱动的保护。我们将在安全整合的各个方面做出创新性贡献，包括（1）基于多样化复制的架构和底层技术，以防御未知攻击;（2）用于因果关系日志记录、事件关联、损害评估和取证的新颖跨层和跨VM方法;（3）基于独特的跨虚拟机副本不一致性检查技术的新入侵检测技术，以及新的跨层不一致性检查方法;（4）一种新颖的自动入侵响应流水线方法;以及（5）用于动态数据中心入侵限制和恢复的新技术。我们的研究将在帮助使命/生命/业务关键型应用程序和信息系统降低风险，提高业务连续性，并在严重网络攻击的情况下提供数据保证方面取得重大进展。教育、外联和传播举措也将产生更广泛的影响。该项目的教育资源，包括课程模块和教学实验室设计，将通过一个专门的网站传播。关键词：自我保护;恢复;虚拟机监控器;因果关系;可用性