TWC: Medium: TCloud: A Self-Defending, Self-Evolving and Self-Accounting Trustworthy Cloud Platform

TWC：媒介：TCloud：一个自我防御、自我进化、自我记账的可信云平台

• 批准号: 1314945
• 负责人: Jacobus VAN DER MERWE
• 金额: $ 100万
• 依托单位: University of Utah
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314945&HistoricalAwards=false
• 关键词: TWC; Medium; TCloud; Self; Defending

The use of cloud computing has revolutionized the way in which cyber infrastructure is used and managed. The on-demand access to seemingly infinite resources provided by this paradigm has enabled technical innovation and indeed innovative business models and practices. This rosy picture is threatened, however, by increasing nefarious interest in cloud platforms. Specifically, the shared tenant, shared resource nature of cloud platforms, as well as the natural accrual of valuable information in cloud platforms, provide both the incentive and the possible means of exploitation. To address these concerns we are developing a self-defending, self-evolving, and self-accounting trustworthy cloud platform, the TCloud. Our approach in realizing TCloud holds to the following five tenets. First, defense-in-depth through innate containment, separation and diversification at the architectural level. Second, least authority by clear separation of functionality and associated privilege within the architecture. Third, explicit orchestration of security functions based on cloud-derived and external intelligence. Fourth, moving-target-defense through deception and dynamic evolution of the platform. Fifth, verifiable accountability through light weight validation and auditable monitoring, record keeping and analysis.Our approach to fundamentally refactor the cloud architecture to explicitly enable security related functionality lays the foundation for truly trustworthy cloud computing. Given the unrelenting push towards the use of cloud technologies our work has broad applicability across industry, healthcare, government and academia. All software we develop will be released to the community in open source form.

云计算的使用彻底改变了网络基础设施的使用和管理方式。这种模式提供的按需访问看似无限的资源，使技术创新和创新的商业模式和实践成为可能。然而，这种美好的景象受到了对云平台日益增长的恶意兴趣的威胁。具体而言，云平台的共享租户、共享资源性质以及云平台中有价值信息的自然积累，既提供了开发的动机，也提供了开发的可能手段。为了解决这些问题，我们正在开发一个自我防御、自我进化、自我核算的可信云平台——TCloud。我们实现TCloud的方法坚持以下五个原则。首先，在架构层面通过固有的遏制、分离和多样化进行纵深防御。其次，通过清晰地分离架构内的功能和相关特权来实现权限最小化。第三，基于云衍生和外部智能的安全功能的明确编排。第四，移动目标欺骗防御与平台的动态演化。第五，通过轻量级验证和可审计的监控、记录保存和分析，可验证的问责制。我们从根本上重构云架构以明确启用安全相关功能的方法，为真正值得信赖的云计算奠定了基础。鉴于对云技术使用的不懈推动，我们的工作在工业、医疗保健、政府和学术界具有广泛的适用性。我们开发的所有软件都将以开源的形式发布给社区。