Innovative Technology for Secure Cloud Computing


OBJECTIVE: Design, develop and demonstrate innovative technology to detect, prevent, and mitigate security threats at all levels within the cloud computing environment, ensuring access to the timely, accurate, reliable information needed to execute tactical missions more effectively and efficiently.

DESCRIPTION: Cloud computing has matured to the point where it is becoming a mainstream source of technology for military and Government organizations. While there are many benefits to having data easily accessible in a cloud, it comes with many security risks. Some key issues include physical security, insider abuse, data encryption, third party relationships, network security, virtualization security, access controls, and application security. Current cloud computing security techniques include the use of firewalls, antivirus software, and intrusion detection and prevention systems. While these techniques are necessary and increase the overall security of cloud computing, new and innovative solutions are being sought to ensure that the information sent to the cloud and the data within the cloud environment can be accessed only in a secure, effective, robust, and timely manner by authorized entities within a trusted system architecture. Every cloud deployment model faces the risk of forged access credentials or captured sensitive data.

This topic focuses on the following three issues to ensure information within a cloud computing environment is delivered in a secure, trusted manner: (1) malware and insider threats, (2) data centers located in unfriendly countries, and (3) external hackers implanting malware that compromises the hypervisor, operating systems, or applications within the cloud.

The hypervisor is probably the most significant target an adversary may attempt to control; therefore, service providers are required to enable security that identifies unauthorized modifications and changes, detects zero-day exploits, and ensures the availability of applications and services rendered in a cloud environment. Another area of interest concerns sensitive data located in or outsourced to data centers in "unfriendly" countries or countries where laws on data privacy are somewhat undefined. The end result is to protect the integrity and transit of information in the cloud in the face of existing malware or an advanced persistent threat.

New innovative solutions are required to protect applications and data pushed to the cloud computing environment by authorized entities from being exploited or exfiltrated by advanced threats. These technologies should address one or part of one of the issues defined here to help ensure that adversaries present in the cloud cannot capture critical information. Solutions can address any part of cloud security, including but not limited to: the virtualized environments (including the hypervisor), cloud architecture, hardware platforms and data encryption.

PHASE I: Research and develop tools, techniques, and concepts for protecting information within a cloud computing environment. Provide a proof-of-concept design and prototype demonstrating the feasibility of the concept. Verify the Technology Readiness Level (TRL) at the conclusion of Phase I.

PHASE II: Based on the verified successful results of Phase I, refine and extend the proof-of-concept design into a fully functioning pre-production prototype. Verify the TRL at the conclusion of Phase II.

PHASE III: Develop the prototype into a comprehensive solution for the application of cloud computing security. This demonstrated capability will benefit and have transition potential to Department of Defense (DoD) weapons and support systems, federal, local and state organizations as well as commercial entities.

REFERENCES:

1. Cloud Security Alliance. "Top Threats to Cloud Computing V1.0". March 2010.
2. Winkler, Vic. "Cloud Computing: Virtual Cloud Security Concerns". Dec 2011. TechNet Magazine.
3. Talbot, David. "Security in the Ether". January/February 2010. Technology Review.
4. Brodkin, Jon. "Gartner: Seven Cloud-computing Security Risks". July 2, 2008. Network World.