USA flag logo/image

An Official Website of the United States Government

Framework for Assessing Cloud Trustworthiness (FACT)

Award Information

Agency:
Department of Defense
Branch:
N/A
Award ID:
Program Year/Program:
2013 / SBIR
Agency Tracking Number:
F112-031-1204
Solicitation Year:
2011
Solicitation Topic Code:
AF112-031
Solicitation Number:
2011.2
Small Business Information
Charles River Analytics Inc.
625 Mount Auburn Street Cambridge, MA 02138-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2013
Title: Framework for Assessing Cloud Trustworthiness (FACT)
Agency: DOD
Contract: FA8750-13-C-0028
Award Amount: $746,420.00
 

Abstract:

ABSTRACT: When Air Force applications or data reside in a third-party"gray"cloud, trustworthiness can be compromised due to lack of control over the underlying infrastructure. The user must treat the cloud as a black box that cannot be instrumented or modified. To support verifiable access to applications and data residing in gray cloud infrastructures, we will develop a framework that treats the cloud as a black box and assesses trustworthiness at the cloud client to execute tests within a trusted environment. Our solution integrates diagnostic tests to assess application trustworthiness with the application client, so they are run within a single process. The integration process optimizes test coverage while accounting for properties of the diagnostic tests, parameters of the mission supported by the application, and properties of the cloud infrastructure. If a test fails, the framework attempts to redeploy the application on more trustworthy cloud resources. Diagnostic tests for data objects stored in the cloud are based on a separate cryptographic hash-based check that verifies their data integrity. As with the diagnostic tests for applications, the diagnostic tests for data objects are evaluated outside of the cloud. BENEFIT: We expect the full-scope framework to have immediate and tangible benefit to users requiring trustworthy execution of applications and storage of data in both blue and gray clouds. Companies that provide commercial cloud computing services are potential licensees of this technology, which will enhance their competitive advantage for security-conscious consumers.

Principal Investigator:

Curt Wu
Chief Software Engineer
(617) 491-3474
cwu@cra.com

Business Contact:

Mark S. Felix
Contracts Manager
(617) 491-3474
mfelix@cra.com
Small Business Information at Submission:

Charles River Analytics Inc.
625 Mount Auburn Street Cambridge, MA -

EIN/Tax ID: 042803764
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No