NSF Org:	CNS Division Of Computer and Network Systems
Recipient:	VIRGINIA COMMONWEALTH UNIVERSITY
Initial Amendment Date:	August 26, 2014
Latest Amendment Date:	August 26, 2014
Award Number:	1422355
Award Instrument:	Standard Grant
Program Manager:	Shannon Beck CNS  Division Of Computer and Network Systems CSE  Directorate for Computer and Information Science and Engineering
Start Date:	October 1, 2014
End Date:	August 31, 2016 (Estimated)
Total Intended Award Amount:	$249,996.00
Total Awarded Amount to Date:	$249,996.00
Funds Obligated to Date:	FY 2014 = $1,313.00
History of Investigator:	Meng Yu (Principal Investigator) myu04@roosevelt.edu Wanyu Zang (Co-Principal Investigator)
Recipient Sponsored Research Office:	Virginia Commonwealth University 910 WEST FRANKLIN ST RICHMOND VA  US  23284-9005 (804)828-6772
Sponsor Congressional District:	04
Primary Place of Performance:	Virginia Commonwealth University 401 West Main Street Richmond VA  US  23284-3019
Primary Place of Performance Congressional District:	04
Unique Entity Identifier (UEI):	MLQFL4JSSAA9
Parent UEI:	WXQLZ1PA6XP3
NSF Program(s):	Secure &Trustworthy Cyberspace
Primary Program Source:	01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s):	7434, 7923
Program Element Code(s):	806000
Award Agency Code:	4900
Fund Agency Code:	4900
Assistance Listing Number(s):	47.070

ABSTRACT

Cloud computing offers many benefits to users, including increased availability and flexibility of resources, and efficiency of equipment. However, privacy concerns are becoming a major barrier to users transitioning to cloud computing. The privilege design of existing cloud platforms creates great challenges in ensuring the trustworthiness of cloud by granting too much power to the cloud administrators, who could launch serious insider attacks by abusing the administrative privileges.

This project uses a well-understood philosophy, separation-of-privilege, in the architectural design of a cloud platform. The architectural design and the strong homomorphic cryptographic approach protect data privacy in cloud environments from different angles. This project develops an innovative privacy-driven architectural design, with one focus on the privilege-level design of each software component of a cloud platform, and another on defending insider attacks. This project investigates new mechanisms to de-privilege the cloud administrator and enable more fine grained access control among the software components of a cloud platform. More specifically, the new mechanisms enable agile configuration of the platform; user-configurable privacy protection; and strong isolation in the user space. The techniques developed under this project are immensely important as users place more of their data into the cloud and rely upon cloud providers to keep that data private.

Please report errors in award information by writing to: awardsearch@nsf.gov.