I-Corps: Trustworthy Cyberspace Through Data-Security as a Service.

I-Corps：通过数据安全即服务实现值得信赖的网络空间。

• 批准号: 1558967
• 负责人: Mohit Tiwari
• 金额: $ 5万
• 依托单位: University of Texas at Austin
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2016-02-29
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1558967&HistoricalAwards=false
• 关键词: Corps; Trustworthy; Cyberspace; Through; Data

Data breaches are a major threat to societal progress. The use of computers in financial, healthcare, and in any business enterprise requires that sensitive data be protected from unauthorized access. However, banks like JP Morgan Chase, medical insurance companies like Anthem, and enterprises like Target and Home Depot have been the target of massive data breaches that have cost millions of dollars, eroded trust and reputation among users, and in some cases, even cost the chief executives their jobs. As we move towards wiring up homes, offices, and vehicles to computers, it is imperative that we lay a secure foundation that protects sensitive data.Breaches occur because data is vulnerable when in use by applications. Once an application is exploited, it is used to leak sensitive data records to an unauthorized user. Neither regulating policies and processes through regulations like HIPAA nor encrypting data at rest and in transit can fully address such breaches that stem from compromised apps. Instead, data-security as a service is introduced. The team's key insight is that while existing security mechanisms protect applications, the proposed platform takes users' access control policies, translates them into information flow control policies on untrusted apps automatically, and ensures that even if an app is malicious or compromised it cannot leak data to an unauthorized user or remote server. In addition to protecting data, the proposed platform frees enterprises from vetting each application they trust sensitive data to - this could unleash many creative apps for users and enterprises that today do not have access to sensitive data. This I-Corps team has been in touch with several external resources that will assist the team in accomplishing the required I-Corps objectives and customer discovery. This includes high-level executives from hospitals, platform providers, and medical application developers.

数据泄露是对社会进步的重大威胁。在金融、医疗保健和任何商业企业中使用计算机都需要保护敏感数据免受未经授权的访问。然而，摩根大通（JP Morgan Chase）等银行、安森（Anthem）等医疗保险公司，以及塔吉特（Target）和家得宝（Home Depot）等企业一直是大规模数据泄露的目标，这些数据泄露造成了数百万美元的损失，侵蚀了用户的信任和声誉，在某些情况下，甚至导致首席执行官丢了工作。当我们开始将家庭、办公室和车辆连接到计算机时，我们必须奠定一个保护敏感数据的安全基础。数据泄露的发生是因为数据在被应用程序使用时很容易受到攻击。一旦应用程序被利用，它就会被用来将敏感数据记录泄露给未经授权的用户。无论是通过诸如HIPAA之类的法规来规范政策和流程，还是对静态和传输中的数据进行加密，都无法完全解决源自受感染应用程序的此类违规行为。相反，数据安全作为一种服务被引入。该团队的关键见解是，虽然现有的安全机制保护应用程序，但提议的平台采用用户的访问控制策略，将其自动转换为不受信任应用程序的信息流控制策略，并确保即使应用程序是恶意的或被破坏的，它也不会将数据泄露给未经授权的用户或远程服务器。除了保护数据之外，该平台还将使企业免于审查他们信任的每个应用程序的敏感数据——这可能会为目前无法访问敏感数据的用户和企业释放许多创造性的应用程序。这个I-Corps团队已经与一些外部资源取得了联系，这些资源将帮助团队完成所需的I-Corps目标和发现客户。这包括来自医院、平台提供商和医疗应用程序开发人员的高级管理人员。