Framework for Assessing Cloud Trustworthiness (FACT)

Award Information
Agency:
Department of Defense
Branch
n/a
Amount:
$746,420.00
Award Year:
2013
Program:
SBIR
Phase:
Phase II
Contract:
FA8750-13-C-0028
Award Id:
n/a
Agency Tracking Number:
F112-031-1204
Solicitation Year:
2011
Solicitation Topic Code:
AF112-031
Solicitation Number:
2011.2
Small Business Information
MA, Cambridge, MA, 02138-4555
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
115243701
Principal Investigator:
Curt Wu
Chief Software Engineer
(617) 491-3474
cwu@cra.com
Business Contact:
Mark Felix
Contracts Manager
(617) 491-3474
mfelix@cra.com
Research Institution:
Stub




Abstract
ABSTRACT: When Air Force applications or data reside in a third-party"gray"cloud, trustworthiness can be compromised due to lack of control over the underlying infrastructure. The user must treat the cloud as a black box that cannot be instrumented or modified. To support verifiable access to applications and data residing in gray cloud infrastructures, we will develop a framework that treats the cloud as a black box and assesses trustworthiness at the cloud client to execute tests within a trusted environment. Our solution integrates diagnostic tests to assess application trustworthiness with the application client, so they are run within a single process. The integration process optimizes test coverage while accounting for properties of the diagnostic tests, parameters of the mission supported by the application, and properties of the cloud infrastructure. If a test fails, the framework attempts to redeploy the application on more trustworthy cloud resources. Diagnostic tests for data objects stored in the cloud are based on a separate cryptographic hash-based check that verifies their data integrity. As with the diagnostic tests for applications, the diagnostic tests for data objects are evaluated outside of the cloud. BENEFIT: We expect the full-scope framework to have immediate and tangible benefit to users requiring trustworthy execution of applications and storage of data in both blue and gray clouds. Companies that provide commercial cloud computing services are potential licensees of this technology, which will enhance their competitive advantage for security-conscious consumers.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government