NSF Convergence Accelerator Track G: PETS: Programmable Zero-Trust Security for Operating Through 5G Infrastructure

NSF 融合加速器轨道 G：PETS：通过 5G 基础设施运行的可编程零信任安全

• 批准号: 2226339
• 负责人: Guofei Gu
• 金额: $ 75万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-15 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2226339&HistoricalAwards=false
• 关键词: NSF; Convergence; Accelerator; Track; PETS

5G mobile communication technology has been standardized to provide high-speed Internet connectivity to various devices and support diverse applications/services. The request for enhanced security is becoming a critical issue when users such as DoD want to securely operate through the current 5G infrastructure. The goal of this proposal is to provide the DoD (and any 5G users and operators) with new, flexible, and programmable zero-trust security capability when operating through existing 5G infrastructure. This project provides a solid foundation and collaborative community for existing and future 5G security operation and research. The key broader social impacts and societal benefits include improved economic outputs, safety, security, privacy, cost of regulation, liability, interruption protection, and distribution of access. This multi-institute project includes experts in security, networking/communication, telecom operation, convergence research, public policy, user study, team science, and national security applications from multiple academic institutions (including an HBCU) and industry partners. This project seeks to broaden participation in the convergence accelerator research by engaging with diverse stakeholder groups including private and public organizations, decision makers, and members of the public, particularly under-represented minority groups. Transitioning from existing research collectively done by the team, this project proposes to build an innovative programmable zero-trust security solution called PETS to enable unified, infrastructure-wide, dynamic, and granular flow-level security control across the entire 5G infrastructure, including end devices, 5G Radio Access Network (RAN), and 5G core network. Based on the proposed system, the 5G operators, developers and/or users can easily write security applications to customize their specific security needs and realize zero-trust security features. Such new security applications can continuously maintain and evaluate risks of accesses, and provide finer-grained, programmable access control and isolation of resources in 5G infrastructure. This project allows military, government, or critical infrastructure operators to securely operate through existing 5G infrastructure with respect to either non-cooperative or cooperative networks. It also enables new innovations in programming dynamic and intelligent security applications to protect the entire 5G infrastructure.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

5G移动的通信技术已经被标准化，以向各种设备提供高速互联网连接并支持各种应用/服务。当国防部等用户希望通过当前的5G基础设施安全运行时，对增强安全性的要求正成为一个关键问题。该提案的目标是为国防部（以及任何5G用户和运营商）提供新的，灵活的，可编程的零信任安全能力，通过现有的5G基础设施进行操作。该项目为现有和未来的5G安全运营和研究提供了坚实的基础和协作社区。关键的更广泛的社会影响和社会效益包括改善经济产出、安全、安保、隐私、监管成本、责任、中断保护和访问分配。这个多机构项目包括来自多个学术机构（包括HBCU）和行业合作伙伴的安全，网络/通信，电信运营，融合研究，公共政策，用户研究，团队科学和国家安全应用方面的专家。该项目旨在通过与不同的利益相关者群体，包括私营和公共组织，决策者和公众成员，特别是代表性不足的少数群体进行接触，扩大对趋同加速器研究的参与。从团队共同完成的现有研究过渡到该项目，该项目建议构建一个名为PETS的创新可编程零信任安全解决方案，以在整个5G基础设施（包括终端设备，5G无线接入网络（RAN）和5G核心网络）中实现统一，基础设施范围，动态和粒度的流级安全控制。基于该系统，5G运营商、开发人员和/或用户可以轻松编写安全应用程序，以定制其特定的安全需求，并实现零信任安全功能。这些新的安全应用可以持续维护和评估访问风险，并提供更细粒度的可编程访问控制和5G基础设施中资源的隔离。该项目允许军方、政府或关键基础设施运营商通过现有的5G基础设施在非合作或合作网络中安全运营。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

• DOI: 10.1109/dac56929.2023.10247972
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Zheyuan Ma;Xi Tan;Lukasz Ziarek;Ning Zhang;Hongxin Hu;Ziming Zhao

SysFlow: Toward a Programmable Zero Trust Framework for System Security

• DOI: 10.1109/tifs.2023.3264152
• 发表时间: 2023
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Sungmin Hong;Lei Xu;Jianwei Huang;Hongda Li;Hongxin Hu;G. Gu

BYOZ: Protecting BYOD Through Zero Trust Network Security

BYOZ：通过零信任网络安全保护 BYOD

• 发表时间: 2022
• 期刊: and Storage
• 作者: Anderson, John;Huang, Qiqing;Cheng, Long;Hu, Hongxin
• 通讯作者: Hu, Hongxin

xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

• 发表时间: 2023
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: Feng Wei;Hongda Li;Ziming Zhao;Hongxin Hu