权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

SaTC: CORE: Small: Secure Cloud Storage Verification Methods

SaTC：核心：小型：安全云存储验证方法

基本信息

批准号：
1813401
负责人：
Loukas Lazos
金额：
$ 50万
依托单位：
University of Arizona
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2018
资助国家：
美国
起止时间：
2018-08-15 至 2023-07-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1813401&HistoricalAwards=false
关键词：
SaTC CORE Small Secure Cloud

项目摘要

With the continuously decreasing costs of cloud services, many organizations including government agencies, healthcare providers, financial institutions, universities, and enterprises outsource large data repositories to cloud service providers (CSPs). Doing this relieves organizations from the financial burden of deploying and maintaining in-house data infrastructures. However, storing data with third parties exposes organizations to legal and financial liabilities should the data leak, become unavailable, or be lost. To reduce these risks, CSPs employ reliable storage technologies which are outlined in service level agreements (SLAs) negotiated with their clients. An SLA states data availability/reliability guarantees against misconfigurations, attacks, and any other disruption. Current SLAs, however, do not specify mechanisms for verifying that the CSP is adhering to the SLA terms. Accidental misconfigurations or attacks can lead to irrecoverable data loss that is detected only long after it has occurred. Moreover, economically motivated CSPs may choose to circumvent the SLA to reduce their operational costs. This project aims to design and test auditing mechanisms for provably and efficiently verifying adherence to SLA terms. The effort is well-aligned with national priorities on critical infrastructure security and resilience. It will result in cloud architectures, storage algorithms, and network and security protocols that strengthen the security, privacy, and usability of cloud storage systems, advancing the state-of-the-art on reliable and secure data storage. The project team will also use the work to inform the development of related courses and a cybersecurity certificate program, as well as supporting outreach efforts to middle and high school students and to groups traditionally underrepresented in computer science.The research agenda is organized around two major activities. The first activity investigates storage verification methods that not only prove the existence of the outsourced data but also verify the storage of redundant information for recovering from attacks and failures. Achieving such high levels of assurance is challenging because redundant information can be easily regenerated on-the-fly whenever the CSP is challenged to prove its existence. Effective auditing mechanisms require the joint design of the verification, coding, and data recovery processes to optimize the security-reliability-resource-efficiency tradeoffs while preserving data privacy and supporting data updatability. The second activity explores the physical storage verification at multiple storage nodes within a data center and/or between data centers. The team approaches the physical storage and geodiversity verification problems from the realistic standpoint of utilizing bounds on the physical resources such as network delay (which can be set conservatively). This allows technology-agnostic storage verification methods that are future-proof. A core project goal is the integration of logical and physical storage verification methods under a single suite of protocols. This integration is jointly considered with practical operational aspects of cloud systems, including data maintenance, dynamic data update, and privacy preservation.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着云服务成本的不断降低，包括政府机构、医疗保健提供商、金融机构、大学和企业在内的许多组织将大型数据存储库外包给云服务提供商（csp）。这样做可以减轻组织部署和维护内部数据基础设施的财务负担。但是，如果数据泄露、不可用或丢失，将数据存储在第三方会使组织承担法律和财务责任。为了降低这些风险，云计算服务提供商采用可靠的存储技术，这些技术在与客户协商的服务水平协议（sla）中概述。SLA声明数据可用性/可靠性保证，防止错误配置、攻击和任何其他中断。但是，当前的SLA并没有指定验证CSP是否遵守SLA条款的机制。意外的错误配置或攻击可能导致无法恢复的数据丢失，而这种丢失只有在发生很久之后才会被检测到。此外，出于经济动机的csp可能会选择规避SLA以降低其运营成本。该项目旨在设计和测试审计机制，以有效地验证SLA条款的遵守情况。这项工作与国家在关键基础设施安全和复原力方面的优先事项完全一致。它将产生云架构、存储算法、网络和安全协议，增强云存储系统的安全性、隐私性和可用性，推动可靠和安全数据存储的发展。项目团队还将利用这项工作为相关课程和网络安全证书项目的开发提供信息，并支持面向初高中学生和传统上在计算机科学领域代表性不足的群体的推广工作。研究议程围绕两个主要活动展开。第一个活动调查存储验证方法，这些方法不仅证明外包数据的存在，而且还验证冗余信息的存储，以便从攻击和故障中恢复。实现如此高水平的保证是具有挑战性的，因为每当CSP面临证明其存在的挑战时，冗余信息很容易在动态中重新生成。有效的审计机制需要验证、编码和数据恢复过程的联合设计，以优化安全性-可靠性-资源效率的权衡，同时保护数据隐私并支持数据可更新性。第二个活动探索数据中心内和/或数据中心之间的多个存储节点的物理存储验证。该团队从现实的角度来处理物理存储和地理多样性验证问题，利用物理资源的界限，如网络延迟（可以保守设置）。这允许技术无关的存储验证方法是面向未来的。核心项目目标是在一套协议下集成逻辑和物理存储验证方法。这种集成与云系统的实际操作方面（包括数据维护、动态数据更新和隐私保护）联合考虑。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。