CICI: Secure Data Architecture: CapNet: Secure Scientific Workloads with Capability Enabled Networks

CICI：安全数据架构：CapNet：通过能力支持的网络保护科学工作负载

• 批准号: 1547457
• 负责人: Jacobus VAN DER MERWE
• 金额: $ 50万
• 依托单位: University of Utah
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1547457&HistoricalAwards=false
• 关键词: CICI; Secure; Data; Architecture; CapNet

Modern scientific experiments have outgrown the capacity of a single lab. They require the storage and processing power of a datacenter, involve cross-institutional access to sensitive data, and span multiple domains of administrative trust. In such a setting, security is fragile. In the face of steady growth of sophisticated cyber-attack tools, modern server and desktop machines are fundamentally insecure. Over a hundred critical vulnerabilities that allow unrestricted access to the entire system are discovered in the Linux kernel each year. Lacking flexibility to express fine-grained access control policies, modern networks often give vulnerable hosts excessive or even unrestricted connectivity to the rest of the network. An exploit of any host enables attackers to explore, exploit and take control over an entire cyber facility. Without support from the network, scientific facilities will remain vulnerable. CapNet is a network architecture that enables secure, least privilege collaboration in the cross-institutional environment of a modern research facility. Building on the principles of capability access control, this research develops key elements needed to secure a network of a modern scientific infrastructure: 1) "off by default" behavior, with connectivity granted on as-needed basis; 2) mechanisms for decentralized, application-driven dynamic management of connectivity; and 3) a formal foundation enabling secure collaboration of fine-grained, dynamic, multi-institutional principals. The basis for CapNet's design is strong isolation of network activities with the mechanisms of software defined networks (SDN) and mediation of all communication between network hosts by a capability access control model. CapNet represents the network as an access control graph. Nodes are network hosts, edges (or "capabilities") are pointers to other hosts allowing communication and further exchange of rights. By controlling the initial distribution of capabilities and their flow, CapNet governs network interactions through fine-grained, application-driven policies that enable safe collaboration among multiple institutions and third-party services. Finally, while taking a holistic approach to network access control, CapNet remains practical: it retains compatibility with unmodified network network stacks, integrates with existing datacenter and cloud management stacks, enables incremental adoption, and is fast and scalable.

现代科学实验已经超过了一个实验室的能力。它们需要数据中心的存储和处理能力，涉及对敏感数据的跨机构访问，并跨越多个管理信任域。在这样的环境下，安全是脆弱的。面对复杂的网络攻击工具的稳步增长，现代服务器和台式机从根本上是不安全的。每年在Linux内核中都会发现一百多个允许不受限制地访问整个系统的关键漏洞。由于缺乏表达细粒度访问控制策略的灵活性，现代网络经常为易受攻击的主机提供过多甚至不受限制的到网络其余部分的连接。利用任何主机的漏洞，攻击者都可以探索、利用并控制整个网络设施。如果没有网络的支持，科学设施仍将脆弱不堪。CapNet是一种网络架构，可在现代研究机构的跨机构环境中实现安全、最低权限的协作。在能力访问控制原则的基础上，这项研究开发了确保现代科学基础设施网络安全所需的关键要素：1)“默认关闭”行为，根据需要授予连接；2)分散的、应用程序驱动的动态连接管理机制；以及3)支持细粒度、动态、多机构主体安全协作的正式基础。CapNet设计的基础是使用软件定义网络(SDN)机制对网络活动进行强隔离，并通过能力访问控制模型协调网络主机之间的所有通信。CapNet将网络表示为访问控制图。节点是网络主机，边(或“能力”)是指向允许通信和进一步交换权利的其他主机的指针。通过控制功能及其流量的初始分布，CapNet通过细粒度、应用驱动的策略管理网络交互，这些策略支持多个机构和第三方服务之间的安全协作。最后，虽然CapNet采用了全面的网络访问控制方法，但它仍然实用：它保留了与未经修改的网络网络堆栈的兼容性，与现有的数据中心和云管理堆栈集成，支持增量采用，并且快速且可扩展。