Award Abstract # 1421910
TWC: Small: Practical Assured Big Data Analysis in the Cloud

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: PURDUE UNIVERSITY
Initial Amendment Date: August 22, 2014
Latest Amendment Date: February 2, 2017
Award Number: 1421910
Award Instrument: Standard Grant
Program Manager: Shannon Beck
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: October 1, 2014
End Date: September 30, 2019 (Estimated)
Total Intended Award Amount: $449,999.00
Total Awarded Amount to Date: $449,999.00
Funds Obligated to Date: FY 2014 = $449,999.00
History of Investigator:
  • Aniket Kate (Principal Investigator)
  • Patrick Eugster (Co-Principal Investigator)
  • Patrick Eugster (Former Principal Investigator)
Recipient Sponsored Research Office: Purdue University
2550 NORTHWESTERN AVE # 1100
WEST LAFAYETTE
IN  US  47906-1332
(765)494-1055
Sponsor Congressional District: 04
Primary Place of Performance: Purdue University
305 N University St
West Lafayette
IN  US  47907-2107
Primary Place of Performance Congressional District: 04
Unique Entity Identifier (UEI): YRXVL4JYCEF5
Parent UEI: YRXVL4JYCEF5
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7923
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The use of "cloud technologies" presents a promising avenue for meeting the requirements of big data analysis. Security concerns, however, represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

This project explores the combination of two readily-available, practical mechanisms to holistically achieve assured cloud-based big data processing: (1) Byzantine fault tolerant replication and (2) partially homomorphic encryption. The former consists in replicating computational entities to achieve availability, and comparing their produced results to enforce integrity of results as well as isolation of suspicious components. The latter suggests leveraging the innate ability of existing "cryptosystems" to support certain specific operations on data in encrypted state in order to ensure its privacy.

The project envisions an efficient application of redundant computation (replication) and redundant storage (different encryptions of same data) through a smart breakdown of programs into sub-computations and sub-datasets based on boundaries identified via program analysis. To enable that vision, the scope of Byzantine fault tolerant replication is extended beyond the present client-server scenarios to avoid significant slowdowns when applied to fine-grained parallelization of large datasets; similarly, partially homomorphic encryption is made applicable without hampering parallelism and beyond very simple programs.

This project will have a high impact on software developers given the continuously increasing relevance of the cloud computing paradigm and of big data. Results will be made broadly available through scientific publications and use open-source software systems for implementation.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Bara Abusalah, Derek Schatzlein, Julian James Stephen, Masoud Saeida Ardekani, and Patrick Eugster "Dependable Cloud Resources with Guardian" 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), 2017
Julian Stephen, Savvas Savvides, Masoud Saeida Ardekani, Vinai Sundaram, Patrick Eugster "STYX: Stream Processing with Trustworthy Cloud-based Execution" 2016 ACM International Symposium on Cloud Computing (SoCC 2016), 2016
M. Hauck, S. Savvides, P. Eugster, M. Mezini, G. Salvaneschi "SecureScala: Scala Embedding of Secure Computations" 2016 Scala Symposium, 2016
Patrick Eugster, Giorgia Azzurra Marson, Bertram Poettering "A Cryptographic Look at Multi-party Channels" 31st IEEE Computer Security Foundations Symposium, 2018, p.31
Patrick Eugster, Seema Kumar, Savvas Savvides, Julian James Stephen "Ensuring Confidentiality in the Cloud of Things" IEEE Pervasive Computing, v.18, 2019, p.10
Savvas Savvides, Julian Stephen, Masoud Saeida Ardekani, Vinai Sundaram, Patrick Eugster "Secure Data Types: A Simple Abstraction for Confidentiality-Preserving Data Analytics" 2017 ACM Symposium on Cloud Computing 2017 (SoCC 2017), 2017, p.479

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

This project is concerned with enforcing security while analyzing large datasets in third-party cloud datacenters. The main tenets are to shield the programmer as much as possible from manually using any specific mechanism to that end, but instead proposing a malleable system that chooses and combines different mechanisms based on availability and an application's security requirements in a way maximizing performance. Mechanisms considered include hardware-based trusted execution environments such as Intel SGX and so-called partially homomorphic encryption schemes that allow specific operations to be performed on data while encrypted without leaking information. Concretely, the main outcomes of the project are threefold:

1. Formal program models are conceived for capturing security-sensitive computations that allow for automated individual or combined use of said security mechanisms.
2. Novel partially homomorphic encryption schemes are devised that are symmetric as opposed to existing widely used asymmetric schemes. Our novel schemes are much more efficient than the latter schemes in that they support faster encryption and decryption, faster and more homomorphic operations on correspondingly encrypted data, and lower memory footprint.
3. A prototype system that leverages and validates the results of both 1. and 2. to efficiently support analytical queries over large datasets without compromising security. Our prototype is significantly faster than prior approaches and scales to much larger datasets.


Last Modified: 01/30/2020
Modified by: Patrick T Eugster
