CICI: Secure Data Architecture: CapNet: Secure Scientific Workloads with Capability Enabled Networks
University Of Utah, Salt Lake City UT
Investigators
Abstract
Modern scientific experiments have outgrown the capacity of a single lab. They require the storage and processing power of a datacenter, involve cross-institutional access to sensitive data, and span multiple domains of administrative trust. In such a setting, security is fragile. In the face of steady growth of sophisticated cyber-attack tools, modern server and desktop machines are fundamentally insecure. Over a hundred critical vulnerabilities that allow unrestricted access to the entire system are discovered in the Linux kernel each year. Lacking flexibility to express fine-grained access control policies, modern networks often give vulnerable hosts excessive or even unrestricted connectivity to the rest of the network. An exploit of any host enables attackers to explore, exploit and take control over an entire cyber facility. Without support from the network, scientific facilities will remain vulnerable. CapNet is a network architecture that enables secure, least privilege collaboration in the cross-institutional environment of a modern research facility. Building on the principles of capability access control, this research develops key elements needed to secure a network of a modern scientific infrastructure: 1) "off by default" behavior, with connectivity granted on as-needed basis; 2) mechanisms for decentralized, application-driven dynamic management of connectivity; and 3) a formal foundation enabling secure collaboration of fine-grained, dynamic, multi-institutional principals. The basis for CapNet's design is strong isolation of network activities with the mechanisms of software defined networks (SDN) and mediation of all communication between network hosts by a capability access control model. CapNet represents the network as an access control graph. Nodes are network hosts, edges (or "capabilities") are pointers to other hosts allowing communication and further exchange of rights. By controlling the initial distribution of capabilities and their flow, CapNet governs network interactions through fine-grained, application-driven policies that enable safe collaboration among multiple institutions and third-party services. Finally, while taking a holistic approach to network access control, CapNet remains practical: it retains compatibility with unmodified network network stacks, integrates with existing datacenter and cloud management stacks, enables incremental adoption, and is fast and scalable.
View original record on NSF Award Search →