| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | April 3, 2013 |
| Latest Amendment Date: | September 8, 2014 |
| Award Number: | 1253870 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Jeremy Epstein
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | June 1, 2013 |
| End Date: | October 31, 2015 (Estimated) |
| Total Intended Award Amount: | $480,620.00 |
| Total Awarded Amount to Date: | $280,009.00 |
| Funds Obligated to Date: |
FY 2014 = $8,610.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
21 N PARK ST STE 6301 MADISON WI US 53715-1218 (608)262-3822 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
1210 West Dayton Street Madison WI US 53706-1685 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01001415DB NSF RESEARCH & RELATED ACTIVIT 01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Infrastructure-as-a-service (IaaS) cloud computing systems are revolutionizing business, government, and science by providing easy access to scalable computing. These public services, as offered by Amazon, Google, Microsoft, and others, allow an arbitrary customer to rent, by the hour, the resources needed to run their applications within virtual machines (VMs) hosted on the provider?s compute infrastructure. With these new services, however, comes subtle new security issues. Prior work by the PI uncovered attacks that abuse two aspects unique to cloud computing: resource sharing among mutually distrustful customers and pricing that incentivizes malicious behavior.
The proposed research is organized along the two themes of resource sharing and pricing. In the first theme, the work explores whether cryptographic side channel attacks and resource-freeing attacks pose serious threats to cloud customers and then develops new placement and CPU scheduling algorithms that realize the security principle of soft isolation: minimization of potentially dangerous cross-user scheduling interactions (e.g., sharing a server or CPU core). Within the second theme, the work explores the implications of fine-grained pricing mechanisms on security. This includes developing pricemarks (mechanisms for accurately determining the true costs of a cloud service), understanding customer-controlled placement gaming that exploits cloud performance heterogeneity, and explores pricing-based security mechanisms that, in conjunction with the aforementioned scheduling mechanisms, will degrade fiscal incentivizes for adversarial behavior.
The impact of the proposed work will be deeper understanding of threats in cloud IaaS systems, new security design principles, deployable security technologies, and improvements in security education.
Please report errors in award information by writing to: awardsearch@nsf.gov.
