Research backarrow

We have defined a layered framework for assured cloud computing consisting of the secure virtual machine layer, secure cloud storage layer, secure cloud data layer, and the secure virtual network monitor layer. Cross cutting services are provided by the policy layer, the cloud monitoring layer, the reliability layer and the risk analysis layer.

For the Secure Virtual Machine (VM) Monitor we are examining XEN developed at the University of Cambridge and exploring security to meet the needs of our applications (e.g., secure distributed storage and data management).

For Secure Cloud Storage Management, we are developing a storage infrastructure with Hadoop and MapReduce technologies. For Secure Cloud Data Management, we have developed secure query processing algorithms for RDF (Resource Description Framework) and SQL (HIVE) data in clouds with an XACML-based (eXtensible Access Control Markup Language) policy manager utilizing the Hadoop/MapReduce Framework.

For Secure Cloud Network Management, our goal is to implement a Secure Virtual Network Monitor (VNM) that will create end-to-end virtual links with the requested bandwidth, as well as virtual nodes and monitor the computing resources. Below we give an overview of a sample our research projects that are contributing to our cloud infrastructure. We use our cloud computing framework and our research projects for our students to carry out programming projects for their courses. That is, our education efforts are tightly integrated with our research efforts.

AFOSR: Assured Cloud Computing, $2.2m, 2008-13, PI: B. Thuraisingham, Co-PI: L. Khan, M. Kantarcioglu, K. Hamlen, I. Yen
UTD is leading an effort to design and develop a Secure Service Oriented Architecture-based (SOA) Cloud that will host the resource management services (e.g., scheduling), security services (e.g., attribute based access control and accountability), storage services and information management services. Our goal is to develop technologies to support DoD’s Global Information Grid. We are developing a layered framework for an assured cloud consisting of network, virtual machine, storage and data management layers.

AFOSR: A Framework for Assured Information Sharing Lifecycle, $1.0m, 2008-13 PI: M. Kantarcioglu (PI: 2010-3, Co-PI: 2008-10), B. Thuraisingham (PI: 2008-10, co-PI: 2010-3), Co-PIs: L. Khan, N. Berg (School of Social Sciences), A. Bensoussan (School of Management)
The objective is to define, design and develop an Assured Information Sharing Lifecycle that realizes the DoD’s information sharing value chain. We have developed flexible policies for social networks to facilitate assured information sharing. In addition, we developed social network mining techniques to leverage multiple social relationship types. We also developed an evolutionary game theoretic framework to simulate various data sharing scenarios under different incentive and trust models. Our recent work includes mechanisms to give incentives to organizations for information sharing using concepts from the theory of contracts to determine appropriate rewards such as ranking or monetary benefits. Together with our European partners (Kings College London and University of Insubria, Italy), we are using our assured cloud for information sharing experiments.

NSF CAREER: An Integrated Approach For Efficient Privacy Preserving Distributed Data Analytics $400K (2009-2014) PI: M. Kantarcioglu
Organizations need to securely share their private data to execute critical tasks. Due to the limitations of the current approaches, efficient and accurate privacy-preserving solutions are needed for handling large distributed data sets. To address this challenge, we are designing and developing a novel framework where sanitization and SMC (secure multiparty computation) techniques are integrated to develop efficient privacy-preserving solutions under resource constraints. We are using our assured cloud to scale our algorithms.

AFOSR (Young Investigator Program): Automated, Certified, In-lined Reference Monitors, $280K, 2008-2010 PI: K. Hamlen
In-lined Reference Monitors (IRM’s) implement traditional Reference Monitors by injecting runtime security checks directly into untrusted binary code. This facilitates efficient enforcement of application-specific, history-based software security policies in settings where it is undesirable or infeasible to modify the OS. Automated certification applies type-checking, model-checking, and other software verification technologies to formally guarantee that IRM’s are policy-adherent. Such verification allows the producer of the IRM to remain untrusted. We have developed the first fully declarative, aspect-oriented, XML-based IRM policy specification language, a complete formal semantics for the language, and a suite of policy enforcement and policy analysis tools for Java bytecode programs. We are examining ways to apply the results to our assured cloud.

AFOSR: Reactively Adaptive Malware: Attacks and Defenses, $0.5m, 2010-14 PI: K. Hamlen, Co-PI: L. Khan Reactively adaptive malware chooses its mutations strategically by identifying, analyzing, and adapting to signature-matching defenses fully automatically in the wild. Such malware can adapt and mutate in response to new signature databases far more quickly than human analysts can create them, removing the advantage currently exploited by most antivirus products. This project investigates the feasibility of such reactively adaptive malware by using machine learning technologies to augment malware with anti-antivirus defenses in a secure testing environment. We are examining ways to apply our techniques for cloud monitoring.