GGrantIndex
← Search

I-Corps: Trustworthy Cyberspace Through Data-Security as a Service.

$50,000FY2015TIPNSF

University Of Texas At Austin, Austin TX

Investigators

Abstract

Data breaches are a major threat to societal progress. The use of computers in financial, healthcare, and in any business enterprise requires that sensitive data be protected from unauthorized access. However, banks like JP Morgan Chase, medical insurance companies like Anthem, and enterprises like Target and Home Depot have been the target of massive data breaches that have cost millions of dollars, eroded trust and reputation among users, and in some cases, even cost the chief executives their jobs. As we move towards wiring up homes, offices, and vehicles to computers, it is imperative that we lay a secure foundation that protects sensitive data. Breaches occur because data is vulnerable when in use by applications. Once an application is exploited, it is used to leak sensitive data records to an unauthorized user. Neither regulating policies and processes through regulations like HIPAA nor encrypting data at rest and in transit can fully address such breaches that stem from compromised apps. Instead, data-security as a service is introduced. The team's key insight is that while existing security mechanisms protect applications, the proposed platform takes users' access control policies, translates them into information flow control policies on untrusted apps automatically, and ensures that even if an app is malicious or compromised it cannot leak data to an unauthorized user or remote server. In addition to protecting data, the proposed platform frees enterprises from vetting each application they trust sensitive data to - this could unleash many creative apps for users and enterprises that today do not have access to sensitive data. This I-Corps team has been in touch with several external resources that will assist the team in accomplishing the required I-Corps objectives and customer discovery. This includes high-level executives from hospitals, platform providers, and medical application developers.

View original record on NSF Award Search →