RINGS: NextSec: Zero-Trust, Programmable and Verifiable Security Transformation for NextG

RINGS：NextSec：NextG 的零信任、可编程和可验证安全转型

• 批准号: 2148374
• 负责人: Guofei Gu
• 金额: $ 100万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-05-01 至 2025-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2148374&HistoricalAwards=false
• 关键词: RINGS; NextSec; Zero; Trust; Programmable

NextG network systems are expected to connect billions of heterogeneous Internet of Thing (IoT) devices along with billions of people, enable machine-to-machine communications, and provide low-latency computational and storage resources on-demand at the devices and in the cloud. In NextG, many services will run dynamically as lightweight functionalities close to users to support ultra-low latency when storing/processing extremely critical data, for example, from autonomous vehicles and tele-surgery. Historically, however, many of these services have been developed/deployed with no security in mind, or simply with security as a reactive add-on. This kind of security practice may beget life-threatening consequences for critical NextG applications/services. The project’s novelties are the introduction of a revolutionary capability for secure architecture for NextG and a system, NextSec, that enhances the security of NextG services. This project provides a solid foundation and collaborative community for future system and network security research. The project team incorporate insights and results from this work into relevant courses, recruit/educate underrepresented students in computing, and transfer the developed technology to industry. To address the challenges in the secure composition of microservices in the pervasive, distributed user-to-edge-to-cloud continuum of NextG network systems, this project has three research thrusts. The concept of security transformation is new for addressing the various security issues of microservices. The Programmable Security thrust provides new primitives for supporting a software-defined way of enforcing user-to-edge-to-cloud security. Finally, the extended Maximal Causality Reduction methods offer efficient, scalable verification of complex security properties across microservices. The framework has been evaluated on Texas A&M Commercial 4G/5G Advanced Wireless Application Research Environment (AWARE) testbed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

NextG网络系统预计将连接数十亿异构物联网（IoT）设备和数十亿人，实现机器对机器通信，并在设备和云中按需提供低延迟计算和存储资源。在NextG中，许多服务将作为轻量级功能在用户附近动态运行，以支持超低延迟存储/处理极其关键的数据，例如来自自动驾驶汽车和远程手术的数据。然而，从历史上看，这些服务中的许多都是在开发/部署时没有考虑到安全性，或者只是将安全性作为响应式附加组件。这种安全实践可能会对关键的NextG应用程序/服务产生危及生命的后果。该项目的创新之处在于为nexttg引入了一种革命性的安全架构能力，并引入了NextSec系统，增强了nexttg服务的安全性。该项目为未来系统和网络安全研究提供了坚实的基础和协作社区。项目团队将这项工作的见解和结果纳入相关课程，招募/教育未被充分代表的计算机学生，并将开发的技术转移到工业中。为了解决在NextG网络系统的普及、分布式用户到边缘到云连续体中微服务安全组合的挑战，该项目有三个研究重点。安全转换的概念是用于解决微服务的各种安全问题的新概念。可编程安全推力提供了新的原语，用于支持软件定义的方式来执行用户到边缘到云的安全性。最后，扩展的最大因果约简方法为跨微服务的复杂安全属性提供了高效、可扩展的验证。该框架已在Texas A&amp商用4G/5G高级无线应用研究环境（AWARE）测试平台上进行了评估。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SysFlow: Toward a Programmable Zero Trust Framework for System Security

• DOI: 10.1109/tifs.2023.3264152
• 发表时间: 2023
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Sungmin Hong;Lei Xu;Jianwei Huang;Hongda Li;Hongxin Hu;G. Gu