RINGS: NextSec: Zero-Trust, Programmable and Verifiable Security Transformation for NextG

RINGS：NextSec：NextG 的零信任、可编程和可验证安全转型

• 批准号: 2148374
• 负责人: Guofei Gu
• 金额: $ 100万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-05-01 至 2025-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2148374&HistoricalAwards=false
• 关键词: RINGS; NextSec; Zero; Trust; Programmable

NextG network systems are expected to connect billions of heterogeneous Internet of Thing (IoT) devices along with billions of people, enable machine-to-machine communications, and provide low-latency computational and storage resources on-demand at the devices and in the cloud. In NextG, many services will run dynamically as lightweight functionalities close to users to support ultra-low latency when storing/processing extremely critical data, for example, from autonomous vehicles and tele-surgery. Historically, however, many of these services have been developed/deployed with no security in mind, or simply with security as a reactive add-on. This kind of security practice may beget life-threatening consequences for critical NextG applications/services. The project’s novelties are the introduction of a revolutionary capability for secure architecture for NextG and a system, NextSec, that enhances the security of NextG services. This project provides a solid foundation and collaborative community for future system and network security research. The project team incorporate insights and results from this work into relevant courses, recruit/educate underrepresented students in computing, and transfer the developed technology to industry. To address the challenges in the secure composition of microservices in the pervasive, distributed user-to-edge-to-cloud continuum of NextG network systems, this project has three research thrusts. The concept of security transformation is new for addressing the various security issues of microservices. The Programmable Security thrust provides new primitives for supporting a software-defined way of enforcing user-to-edge-to-cloud security. Finally, the extended Maximal Causality Reduction methods offer efficient, scalable verification of complex security properties across microservices. The framework has been evaluated on Texas A&M Commercial 4G/5G Advanced Wireless Application Research Environment (AWARE) testbed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

NextG网络系统预计将连接数十亿个异构物联网(IoT)设备和数十亿人，实现机器对机器的通信，并在设备和云中按需提供低延迟计算和存储资源。在NextG中，许多服务将作为接近用户的轻量级功能动态运行，以支持在存储/处理极其关键的数据时的超低延迟，例如来自自动驾驶汽车和远程手术的数据。然而，从历史上看，这些服务中的许多在开发/部署时都没有考虑到安全性，或者只是将安全作为一个被动的附加组件。这种安全做法可能会给关键的NextG应用程序/服务带来危及生命的后果。该项目的创新之处在于为NextG的安全架构引入了革命性的能力，以及增强了NextG服务安全性的系统NextSec。该项目为今后的系统和网络安全研究提供了坚实的基础和协作的社区。项目团队将这项工作的见解和成果纳入相关课程，招募/教育计算机方面的代表不足的学生，并将开发的技术转移到行业中。为了应对下一代网络系统中普遍存在的分布式用户到边缘到云的连续统一体中微服务的安全组合方面的挑战，该项目有三个研究推动力。安全转换的概念对于解决微服务的各种安全问题是新的。可编程安全推力提供了新的原语，用于支持软件定义的实施用户到边缘到云安全的方式。最后，扩展的最大因果关系归约方法提供了跨微服务的复杂安全属性的高效、可扩展的验证。该框架已在德克萨斯州A&A&M商业4G/5G高级无线应用研究环境(AWAR)测试中进行了评估。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SysFlow: Toward a Programmable Zero Trust Framework for System Security

• DOI: 10.1109/tifs.2023.3264152
• 发表时间: 2023
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Sungmin Hong;Lei Xu;Jianwei Huang;Hongda Li;Hongxin Hu;G. Gu