Framework for Assessing Cloud Trustworthiness (FACT)

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-13-C-0028
Agency Tracking Number: F112-031-1204
Amount: $746,420.00
Phase: Phase II
Program: SBIR
Awards Year: 2013
Solicitation Year: 2011
Solicitation Topic Code: AF112-031
Solicitation Number: 2011.2
Small Business Information
Charles River Analytics Inc.
MA, Cambridge, MA, 02138-4555
DUNS: 115243701
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Curt Wu
 Chief Software Engineer
 (617) 491-3474
Business Contact
 Mark Felix
Title: Contracts Manager
Phone: (617) 491-3474
Research Institution
ABSTRACT: When Air Force applications or data reside in a third-party"gray"cloud, trustworthiness can be compromised due to lack of control over the underlying infrastructure. The user must treat the cloud as a black box that cannot be instrumented or modified. To support verifiable access to applications and data residing in gray cloud infrastructures, we will develop a framework that treats the cloud as a black box and assesses trustworthiness at the cloud client to execute tests within a trusted environment. Our solution integrates diagnostic tests to assess application trustworthiness with the application client, so they are run within a single process. The integration process optimizes test coverage while accounting for properties of the diagnostic tests, parameters of the mission supported by the application, and properties of the cloud infrastructure. If a test fails, the framework attempts to redeploy the application on more trustworthy cloud resources. Diagnostic tests for data objects stored in the cloud are based on a separate cryptographic hash-based check that verifies their data integrity. As with the diagnostic tests for applications, the diagnostic tests for data objects are evaluated outside of the cloud. BENEFIT: We expect the full-scope framework to have immediate and tangible benefit to users requiring trustworthy execution of applications and storage of data in both blue and gray clouds. Companies that provide commercial cloud computing services are potential licensees of this technology, which will enhance their competitive advantage for security-conscious consumers.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government