NSF Org: |
CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | July 31, 2014 |
Latest Amendment Date: | July 23, 2018 |
Award Number: | 1413964 |
Award Instrument: | Continuing Grant |
Program Manager: |
Nina Amla
namla@nsf.gov (703)292-7991 CNS Division Of Computer and Network Systems CSE Direct For Computer & Info Scie & Enginr |
Start Date: | October 1, 2014 |
End Date: | September 30, 2020 (Estimated) |
Total Intended Award Amount: | $800,000.00 |
Total Awarded Amount to Date: | $800,000.00 |
Funds Obligated to Date: |
FY 2016 = $241,086.00 FY 2017 = $266,086.00 FY 2018 = $196,088.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: |
360 HUNTINGTON AVE BOSTON MA US 02115-5005 (617)373-3004 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
MA US 02115-5005 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure &Trustworthy Cyberspace |
Primary Program Source: |
01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT 01001819DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.
The MACS project addresses a diverse set of security challenges. These include the design of hardware with built-in secrecy and integrity properties, small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze, privacy-preserving and verifiable memory access for outsourced applications, security-preserving overlay and software-defined networks, and algorithms for privacy-preserving verifiable outsourced computations and database systems. Crucially, we combine all of these security mechanisms with their piecemeal analyses into a global security guarantee. Furthermore, the analysis is modular, allowing the substitution of components with others that provide potentially comparable guarantees based on different techniques and trust assumptions. The research team comprises experts in different aspects of information security and cryptography. The research is highly collaborative and pools together key areas of expertise in order to provide overall security guarantees. A key component of the project is the Massachusetts Open Cloud, which provides the research team with a test-bed for deploying and testing the developed mechanisms in a production cloud.
The project involves a significant outreach component with a number of goals. One goal is to introduce technology professionals to cybersecurity and its central role for our society and economy. Another goal is to introduce K-12 students to cybersecurity, and through it to computer science in general. The program targets students from both under-represented minorities and students with exceptional academic potential.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The Modular Approach to Cloud Security (MACS) project has broken new ground in our ability to design systems that provide outsourced and distributed services in a secure and modular way.
New methodologies, algorithms, and systems were developed at all layers of the computing stack, and security was analyzed in a modular and composable way. This includes secure processors (Sanctum, MI6), modular operating systems (EbbRT); elastic virtualization mechanisms, secure memory access (Path ORAM), secure messaging, distributed databases, and computations on private data (Vuvuzela, Alpenhorn, Stadium, Karaoke, Yodel, VerSum, Gazelle, Conclave); as well as extending the algorithmic and cryptographic toolbox with new functionality that enhances our ability to perform remote computations securely and effectively. Highlights include succinct hidden (garbled) virtual random-access programs; new homomorphic and functional encryption mechanism; improved secure multiparty and remote computation protocols; and even society-facing applications such as providing a solution based on secure multiparty computation for the Boston Women's Workforce Council?s pay equity study across employers in the Greater Boston Area.
The MACS project proceeded in concert with the development of the Massachusetts Open Cloud (MOC), which provides a unique collaborative environment for open-source cloud services. In particular, the project had a significant transition to practice piece that helped transition systems developed at MACS to the MOC.
On the analytical side, the MACS project significantly advanced existing methodologies for modular and composable analysis of systems, and helped forge new ones. In particular, it enabled extending universally composable security analysis to hardware design, operating systems, networking, and virtualization domains. At the same time, the project has taught us that fully modular design with composable security guarantees is a delicate and challenging endeavor, and the journey is still far from its end. The project has also pointed in new directions for advancing this goal, not the least of which is using formal and language-based methods for asserting composable security properties of compiled, deployable systems.
Overall, the MACS project has resulted in over 200 peer-reviewed research papers as well as multiple open-source software and hardware systems. Furthermore, it created a vibrant cross-disciplinary and cross-institutional research community around composable security in the Boston area and beyond. Finally, the MACS project also had a strong outreach component, enabling the creation of the BU Codebreakers program, the growth of the MIT PRIMES Computer Science program, and continuing the excellent Promys for Teachers and BU Artemis programs.
Last Modified: 03/15/2021
Modified by: Daniel Wichs
Please report errors in award information by writing to: awardsearch@nsf.gov.