Flux Research Group / School of Computing

TCloud

The use of cloud computing has revolutionized the way in which cyber infrastructure is used and managed. The on-demand access to seemingly infinite resources provided by this paradigm has enabled technical innovation and, indeed, innovative business models and practices. This rosy picture is threatened, however, by growing malicious interest in cloud platforms. Specifically, the shared-tenant, shared-resource nature of cloud platforms, together with the valuable information that naturally accrues in them, provides both the incentive and the possible means of exploitation.

To address these concerns we are developing a self-defending, self-evolving, and self-accounting trustworthy cloud platform, the TCloud. Our approach to realizing TCloud rests on the following five tenets. First, defense in depth through containment, separation, and diversification built into the architecture itself. Second, least authority through a clear separation of functionality, and of the privilege associated with it, within the architecture. Third, explicit orchestration of security functions based on both cloud-derived and external intelligence. Fourth, moving-target defense through deception and dynamic evolution of the platform. Fifth, verifiable accountability through lightweight validation and auditable monitoring, record keeping, and analysis.

We expect that our approach of fundamentally refactoring the cloud architecture to explicitly support security-related functionality will lay the foundation for truly trustworthy cloud computing. Given the unrelenting push towards cloud technologies, we expect our work to be used across industry, healthcare, government, and academia. We plan to release all software we develop to the community in open-source form.

Available Software

Forthcoming Software

  • CloudSight — a tenant-oriented transparency framework for cross-layer cloud troubleshooting (read the paper)
  • Harpocrates — a system for moving secure computation from origin webservers to nodes in a CDN (read the paper)
  • Potassium — an OpenStack implementation of “penetration testing as a service” (read the paper)

Media

  • CloudSight
    • Watch the video of CloudSight, based on a demonstration for the Network Research Exhibition at Supercomputing 2016.
