TC: Small: Towards Customer-Centric Utility Computing

TC：小型：迈向以客户为中心的效用计算

• 批准号: 1117692
• 负责人: Trent Jaeger
• 金额: $ 48.8万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1117692&HistoricalAwards=false
• 关键词: TC; Small; Towards; Customer; Centric

In this project, we are exploring the association between computing tasks (jobs) and the computing resources assigned to run those jobs to improve the ability to deploy tasks to satisfy security requirements. Historically, the owners of the computing tasks also owned their computing resources, so they configured their resources to run their tasks efficiently and securely. However, configuring tasks to run securely has become so complex that the key knowledge is now distributed among several parties: cloud vendors configure host systems, OS distributors configure cloud instances, customers configure their application programs and network policies. The goal is to be able to collect this expertise into a single model to reason about how to deploy computing tasks to satisfy their security requirements. To do this, we are integrating the myriad of integrity measurement mechanisms into a comprehensive integrity measurement framework to enable reasoning about the satisfaction of a computing task's data security from installation to completion. Using this model, we are building a customer-centric utility computing service to choose an assignment of resources for computing tasks that satisfies data security requirements. When a customer deploys a computing task via such a service, the service will construct integrity-verified channels to her running jobs, which are secure communication channels that guarantee that the data sender adheres to a data security policy. Using such services, customers will be able to deploy computing jobs among cloud resources managed by several parties, while assuring that their data security requirements are satisfied automatically.

在这个项目中，我们正在探索计算任务（作业）与分配的运行这些作业的计算资源之间的关联，以提高部署任务以满足安全要求的能力。 从历史上看，计算任务的所有者也拥有​​他们的计算资源，因此他们配置了资源以有效，安全地运行任务。 但是，将任务配置为安全运行已变得如此复杂，以至于关键知识现在分布在几个方之间：云供应商配置主机系统，OS分发商配置云实例，客户配置其应用程序程序和网络策略。 目标是能够将此专业知识收集到一个单个模型中，以推理如何部署计算任务以满足其安全要求。 为此，我们将无数的完整性测量机制集成到了一个全面的完整性测量框架中，以实现从安装到完成的计算任务数据安全性满足的推理。 使用此模型，我们正在构建以客户为中心的实用程序计算服务，以选择满足数据安全要求的计算任务的资源分配。 当客户通过此类服务部署计算任务时，该服务将构建对跑步工作的完整性验证的渠道，这些渠道是安全的通信渠道，可确保数据发送者遵守数据安全策略。 使用此类服务​​，客户将能够在由多方管理的云资源中部署计算作业，同时确保其数据安全要求自动满足。