NSF Convergence Accelerator Track G: PETS: Programmable Zero-Trust Security for Operating Through 5G Infrastructure

NSF 融合加速器轨道 G：PETS：通过 5G 基础设施运行的可编程零信任安全

• 批准号: 2226339
• 负责人: Guofei Gu
• 金额: $ 75万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2226339&HistoricalAwards=false
• 关键词: NSF; Convergence; Accelerator; Track; PETS

5G mobile communication technology has been standardized to provide high-speed Internet connectivity to various devices and support diverse applications/services. The request for enhanced security is becoming a critical issue when users such as DoD want to securely operate through the current 5G infrastructure. The goal of this proposal is to provide the DoD (and any 5G users and operators) with new, flexible, and programmable zero-trust security capability when operating through existing 5G infrastructure. This project provides a solid foundation and collaborative community for existing and future 5G security operation and research. The key broader social impacts and societal benefits include improved economic outputs, safety, security, privacy, cost of regulation, liability, interruption protection, and distribution of access. This multi-institute project includes experts in security, networking/communication, telecom operation, convergence research, public policy, user study, team science, and national security applications from multiple academic institutions (including an HBCU) and industry partners. This project seeks to broaden participation in the convergence accelerator research by engaging with diverse stakeholder groups including private and public organizations, decision makers, and members of the public, particularly under-represented minority groups. Transitioning from existing research collectively done by the team, this project proposes to build an innovative programmable zero-trust security solution called PETS to enable unified, infrastructure-wide, dynamic, and granular flow-level security control across the entire 5G infrastructure, including end devices, 5G Radio Access Network (RAN), and 5G core network. Based on the proposed system, the 5G operators, developers and/or users can easily write security applications to customize their specific security needs and realize zero-trust security features. Such new security applications can continuously maintain and evaluate risks of accesses, and provide finer-grained, programmable access control and isolation of resources in 5G infrastructure. This project allows military, government, or critical infrastructure operators to securely operate through existing 5G infrastructure with respect to either non-cooperative or cooperative networks. It also enables new innovations in programming dynamic and intelligent security applications to protect the entire 5G infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

5G移动通信技术已被标准化，可以为各种设备提供高速Internet连接，并支持各种应用程序/服务。当DOD等用户想通过当前的5G基础架构安全操作时，增强安全性的要求正在成为一个关键问题。该提案的目的是通过现有的5G基础架构运行时，为DOD（以及任何5G用户和运营商）提供新的，灵活和可编程的零信任安全能力。该项目为现有和未来的5G安全操作和研究提供了坚实的基础和协作社区。更广泛的社会影响和社会福利的关键包括改善经济产出，安全性，安全性，隐私，监管成本，责任，中断保护和访问分配。这个多工资项目包括来自多个学术机构（包括HBCU）和行业合作伙伴的安全，网络/通信，电信研究，融合研究，公共政策，用户研究，团队科学以及国家安全应用程序的专家。该项目旨在通过与包括私人和公共组织，决策者以及公众（尤其是代表性不足的少数群体）在内的不同利益相关者群体进行互动来扩大融合加速器研究的参与。该项目从团队共同完成的现有研究过渡，提议建立一个名为PET的创新的可编程零值安全解决方案，以使整个5G基础设施，包括最终设备，5G无线电网络（RAN）和5G Core网络，在整个5G基础架构中，在整个5G基础架构中均可构建统一的，范围内的基础设施，动态和颗粒状流量级安全控制。基于提出的系统，5G操作员，开发人员和/或用户可以轻松编写安全应用程序以自定义其特定的安全需求并实现零值得的安全功能。这样的新安全应用程序可以不断地维护和评估访问的风险，并提供5G基础架构中资源的较细粒，可编程访问控制和隔离。该项目允许军事，政府或关键基础设施运营商通过现有的5G基础设施对非合作或合作网络进行安全操作。它还可以在编程动态和智能安全应用程序中进行新的创新，以保护整个5G基础架构。该奖项反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响评估审查标准，认为值得通过评估来获得支持。

项目成果

Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

• DOI: 10.1109/dac56929.2023.10247972
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Zheyuan Ma;Xi Tan;Lukasz Ziarek;Ning Zhang;Hongxin Hu;Ziming Zhao

SysFlow: Toward a Programmable Zero Trust Framework for System Security

• DOI: 10.1109/tifs.2023.3264152
• 发表时间: 2023
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Sungmin Hong;Lei Xu;Jianwei Huang;Hongda Li;Hongxin Hu;G. Gu

BYOZ: Protecting BYOD Through Zero Trust Network Security

BYOZ：通过零信任网络安全保护 BYOD

• 发表时间: 2022
• 期刊: and Storage
• 作者: Anderson, John;Huang, Qiqing;Cheng, Long;Hu, Hongxin
• 通讯作者: Hu, Hongxin

xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

• 发表时间: 2023
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: Feng Wei;Hongda Li;Ziming Zhao;Hongxin Hu