
CSR: Medium: CloudTracker: Transparent, Secure Provenance Tracking and Security Policy Enforcement in Clouds

$870,996 | FY2012 | CSE | NSF

SUNY at Stony Brook, Stony Brook, NY

Investigators

Abstract

As companies, governments, and individual users adopt increasingly diverse computing platforms, from outsourced cloud computations to personal laptops and mobile devices, enforcing uniform security policies across these platforms becomes unwieldy. Similarly, regulatory compliance and business auditing require tracking the history of this data in a comprehensive, secure, and platform-independent manner. Unfortunately, technology has not kept pace with these practical concerns, and several systems and security research challenges must be addressed to make this vision a reality. There is a natural and under-explored connection between understanding the origins of data and using that data's history to enforce security policies. To leverage this connection, this project is developing a comprehensive, general framework for automatically tracking the history of data and enforcing associated security policies in cloud computing environments. The research focuses on three key challenges. First, the project investigates novel applications of virtualization technologies to transparently infer data provenance by inspecting a guest operating system (OS) and applications. Second, the project is developing techniques to securely store, manage, and query provenance data at cloud scale. Finally, the project combines the first two technologies to transparently and collaboratively enforce security policies throughout the cloud and end-user systems. The prototype system is designed to allow individual users and organizations to rapidly adopt new technology platforms, from clouds to novel end-user systems, without having to worry about the interaction of these new systems with security policies and regulatory compliance concerns.
