TC: Small: Towards Customer-Centric Utility Computing

TC：小型：迈向以客户为中心的效用计算

• 批准号: 1117692
• 负责人: Trent Jaeger
• 金额: $ 48.8万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1117692&HistoricalAwards=false
• 关键词: TC; Small; Towards; Customer; Centric

In this project, we are exploring the association between computing tasks (jobs) and the computing resources assigned to run those jobs to improve the ability to deploy tasks to satisfy security requirements. Historically, the owners of the computing tasks also owned their computing resources, so they configured their resources to run their tasks efficiently and securely. However, configuring tasks to run securely has become so complex that the key knowledge is now distributed among several parties: cloud vendors configure host systems, OS distributors configure cloud instances, customers configure their application programs and network policies. The goal is to be able to collect this expertise into a single model to reason about how to deploy computing tasks to satisfy their security requirements. To do this, we are integrating the myriad of integrity measurement mechanisms into a comprehensive integrity measurement framework to enable reasoning about the satisfaction of a computing task's data security from installation to completion. Using this model, we are building a customer-centric utility computing service to choose an assignment of resources for computing tasks that satisfies data security requirements. When a customer deploys a computing task via such a service, the service will construct integrity-verified channels to her running jobs, which are secure communication channels that guarantee that the data sender adheres to a data security policy. Using such services, customers will be able to deploy computing jobs among cloud resources managed by several parties, while assuring that their data security requirements are satisfied automatically.

在这个项目中，我们正在探索计算任务（作业）和分配给运行这些作业的计算资源之间的关联，以提高部署任务的能力，以满足安全需求。 从历史上看，计算任务的所有者也拥有自己的计算资源，因此他们配置自己的资源以高效安全地运行任务。 然而，配置安全运行的任务变得如此复杂，以至于关键知识现在分布在几个方面：云供应商配置主机系统，操作系统分销商配置云实例，客户配置他们的应用程序和网络策略。 我们的目标是能够将这些专业知识收集到一个模型中，以推理如何部署计算任务以满足其安全需求。 要做到这一点，我们正在整合无数的完整性测量机制到一个全面的完整性测量框架，使推理的满意度计算任务的数据安全从安装到完成。 使用这个模型，我们正在建立一个以客户为中心的效用计算服务，选择一个分配的资源，满足数据安全要求的计算任务。 当客户通过这样的服务部署计算任务时，服务将构造到她正在运行的作业的完整性验证通道，这些通道是保证数据发送者遵守数据安全策略的安全通信通道。 使用这些服务，客户将能够在由多方管理的云资源中部署计算作业，同时确保自动满足其数据安全要求。