GGrantIndex
← Search

CICI: RSARC: DICE - Data Insurance in the Cluster Environment

$590,317FY2017CSENSF

Florida State University, Tallahassee FL

Investigators

Abstract

High-performance, distributed computing has become indispensable in solving complex scientific, engineering, and business problems. The integrity of the data generated and stored on computer clusters is of undisputed importance to scientific research and business intelligence, as compromised data can lead to incorrect conclusions and decisions. Unfortunately, existing security mechanisms for high-performance and distributed computing systems are complex, inconsistent, insecure, and difficult to deploy. Many systems utilizing the current security mechanisms simply do not provide sufficient protection and remain vulnerable to even trivial attacks. For example, recent studies have found that thousands of unprotected database installations and computer clusters have been hacked. As such, there is a pressing need to improve the security of high-performance and distributed computing systems. This project develops a security framework for high-performance and distributed computing systems that employs strong modern cryptographic algorithms, and is easy to reason, deploy, and use without lengthy and error-prone configurations. The project consists of three major components: a container-based virtual cluster, a component to defend against side-channel attacks, and a secure execution ledger for auditing. The first component is the key to enabling authentication, authorization, and data protection for clusters without sacrificing usability or performance. The project team will build the virtual cluster based on the popular Docker container but enhance it with flexible key management, attack surface reduction, and security hardening, including defenses against side-channel attacks. Communications among nodes of a virtual cluster and I/O operations are transparently encrypted to protect the data in transition and at rest. The secure execution ledger provides a global holistic view of program execution in the whole system, allowing auditing the behavior of individual users as well as user groups. By tightly integrating these three components, the project seeks to achieve strong support for the four pillars of the cluster data security ? authentication, authorization, auditing, and data protection.

View original record on NSF Award Search →