
NSF Org: CNS Division Of Computer and Network Systems
Initial Amendment Date: August 18, 2014
Latest Amendment Date: August 18, 2014
Award Number: 1449159
Award Instrument: Standard Grant
Program Manager: Ralph Wachter, rwachter@nsf.gov, (703) 292-8950, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2014
End Date: August 31, 2016 (Estimated)
Total Intended Award Amount: $199,960.00
Total Awarded Amount to Date: $199,960.00
Recipient Sponsored Research Office: 160 ALDRICH HALL, IRVINE, CA, US 92697-0001, (949) 824-7295
Primary Place of Performance: Irvine, CA, US 92697-0001
NSF Program(s): Secure & Trustworthy Cyberspace
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070
ABSTRACT
Advancing the ability to create trustworthy computing systems demands fundamental advances in many technologies and at many levels of abstraction. Creating trustworthy applications requires more than a set of excellent building blocks, however. It demands an architectural understanding, one that shows a viable approach to utilizing many contributions in mutually consistent and supportive ways. This project springs from a focus on achieving security through innovative software architecture, wherein novel combinations of technologies are applied and the essential mechanisms of security and accountability are built in. In particular, the security concerns of prevent, detect, isolate, mitigate, and blame demand an architectural solution in which systemic accountability is a consequence of the architecture rather than an option.
To this end the proposal offers a novel alternative architectural style, COAST, for constructing secure, large-scale, decentralized systems, coupled with a focus on capability accounting. A capability is an unforgeable reference whose possession confers both authority and rights on a principal. Capability accounting is the practice of producing and maintaining a record or statement of the generation, transfer, or use of capability relating to a particular period or purpose. The approach facilitates the fine-grained use of capability accounting to prevent security problems, isolate them, mitigate their consequences, and, if necessary, assign blame for use in subsequent actions. Target applications are typified by service-oriented architectures (SOAs), such as those found in e-commerce, where there are multiple interacting parties but no single overarching authority. Our approach is inspired and informed by the daily use of broad accounting principles in other industries, notably Hazard Analysis and Critical Control Points (HACCP), a systematic preventive approach to hazards in production processes, and the generally accepted accounting principles (GAAP) of finance and business. Our immediate focus is assessing the viability of this approach in a notional Internet-of-Things application, where we rely on careful measurement and engineering analysis to guide future larger-scale projects.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
This project centered on a fresh perspective for designing and developing secure decentralized software systems—emphasizing systemic auditing, auditing policy, and architectural accountability—for which the fundamental unit of accounting is either the creation of a capability, the exploitation of a capability, or a transfer of capability from one computation to another.
A decentralized software system is a distributed system that operates under multiple, distinct spheres of authority in which collaboration among the principals is characterized by limited trust. Now commonplace, decentralized systems appear in a number of disparate domains: commerce, logistics, medicine, software development, manufacturing, and financial trading to name but a few. These systems of systems face two overlapping demands: security and safety to protect against errors, omissions and threats; and ease of adaptation in response to attack, faults, regulatory requirements, or market demands.
Systemic auditing is the sanctioned inspection and analysis of the capability logs of one or more parties. Auditing policy dictates the accounting standards for the transfer of capability (when, where, and how a capability transfer is logged), the manner in which capability logs are examined, correlated, and reported, and defines the significant transfers for which additional actions are required (for example, refusing service to an untrusted party, issuing a notification to system administrators, or revoking a specific capability). Underpinning systemic auditing is the concept and practice of architectural accountability where an architectural style is deliberately designed to support capability accounting.
The approach hinges on previously unexplored alternatives in architecture-based security. Starting with an architectural style (Computational State Transfer, or “COAST”) in which explicit management of capability and accountability is a fundamental structural element, we examined the degree to which an architectural style can induce the triad of architectural accountability, systemic auditing, and auditing policy.
Within this context the research goals centered on the question: How can systemic auditing, auditing policy, and architectural accountability be employed to ensure and verify the integrity and security of decentralized services?
The essential outcome of the project was a demonstration of the feasibility of the proposed approach. The critical tooling was put in place, enabling not only development of trial applications but also capture and analysis of the capability events with respect to user-chosen criteria. In particular, we conducted an experiment to assess whether capability accounting is a feasible approach to monitoring and auditing a decentralized system. For that, we defined an auditing practice to fulfill our research process and goals. Using COAST, we created a prototype of an electronic trading system that illustrates the interactions among various independent systems. In the prototype, a Trader deploys a trading algorithm (i.e., a Trading Computation) into a host for execution. We posed five typical problems in decentralized systems and the financial trading domain, each problem with one or more causes. We deployed multiple Trading Computations, one of them with no errors but the rest faulty, that is, each one produces the manifestation of one of the posed problems. Along with the prototype, we created a verification model in COMET to assess that the Trading Computations behave and interact with other components as expected. After the Trading Computations were executed and the corresponding capability events were collected, we used that verification model to evaluate how the computations behaved and to present results. This preliminary experiment revealed that capability accounting can be useful for debugging, behavioral analysis, and early warning of threatening security events.
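As an added illustration, not the project's code or COAST's actual mechanisms, of the capability-accounting triad defined above (architectural accountability, systemic auditing, auditing policy) and of the trading-prototype experiment in the outcomes report: a ledger that logs creation, transfer and use events for an unforgeable capability, and an auditing policy that treats a transfer to an untrusted principal as significant and revokes that capability. The principal names, the `submit-order` right and the leaking computation are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Capability:  # unforgeable reference: random token conferring one right on its holder
    token: str
    right: str
    holder: str
    revoked: bool = False

@dataclass
class Ledger:  # capability log: every creation, transfer and use is one accounting event
    events: list = field(default_factory=list)
    caps: dict = field(default_factory=dict)

    def create(self, issuer, right):
        cap = Capability(secrets.token_hex(8), right, issuer)
        self.caps[cap.token] = cap
        self.events.append(("create", issuer, cap.token, right))
        return cap

    def transfer(self, cap, sender, recipient):
        ok = cap.holder == sender and not cap.revoked  # only the live holder may pass it on
        if ok:
            cap.holder = recipient
        self.events.append(("transfer" if ok else "refused", sender, cap.token, recipient))
        return ok

    def use(self, cap, principal):
        ok = cap.holder == principal and not cap.revoked
        self.events.append(("use" if ok else "refused", principal, cap.token, cap.right))
        return ok

def audit(ledger, trusted):
    """Auditing policy: a transfer to a principal outside `trusted` is significant;
    revoke that capability and report the finding."""
    findings = []
    for kind, actor, token, detail in ledger.events:
        if kind == "transfer" and detail not in trusted:
            ledger.caps[token].revoked = True
            findings.append(f"{actor} passed {token} to untrusted {detail}; revoked")
    return findings

def demo():
    # Constructed scenario: a faulty Trading Computation leaks its order capability.
    ledger, trusted = Ledger(), {"exchange", "trader", "host"}
    cap = ledger.create("exchange", "submit-order")
    ledger.transfer(cap, "exchange", "trader")
    ledger.transfer(cap, "trader", "host")
    ledger.transfer(cap, "host", "outsider")  # the significant transfer
    findings = audit(ledger, trusted)
    return findings, ledger.use(cap, "outsider")  # refused: capability revoked by audit
```

The same event stream serves the debugging and behavioral-analysis uses the report mentions, since the ledger records refused operations alongside successful ones.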
Last Modified: 10/21/2016
Modified by: Richard N Taylor