Mathematical Foundations of Secure Computing Clouds

2013 - presentpresent

The Cloud is becoming the battleground of 21st century cyberwarfare. Both industry and the military are moving the majority of their computing infrastructure to cloud-based platforms, because of their low operating overhead, versatility, and high-throughput computing potential. Clouds will provide strategic advantages via real-time tactical analysis for warfighters on the front lines, data mining for intelligence analytics, cheaper high-throughput computing for simulations, and a computational substrate for cyberwar operations by enabling dynamic and flexible access to mission-critical computational capacity in the form of warehouse-scale computers. With more and more computation being moved into computational clouds, strategic advantage in the 21st century is increasingly determined by the ability to operate cloud platforms securely securely — and to disrupt those of opponents. More and more, cyberwarriors will be fighting their battles on and over cloud computing systems. It is difficult to secure any large-scale computing infrastructure, but the challenges are particularly acute for clouds. Clouds require external connectivity (e.g., to forward operating bases), making them vulnerable to attackers, who may gain the credentials needed to access some portion of the platform. Their frequently changing workloads make it hard to define normal behavior, and conversely to flag abnormal behavior. Finally, their sheer scale (a typical cloud today consists of half a million individual servers) makes gathering, analyzing, and assessing their security status a big data problem. Three critical obstacles must be overcome to provide a secure and robust cloud: 1. From the attacker’s perspective, how can one reverse engineer a large, opaque infrastructure from a sparse collection of measurements? From a defensive standpoint, can we derive bounds on how actions reveal information about the infrastructure? Can we change the external view of the infrastructure over time, turning it into a moving target that is impossible to track? 2. How can we instrument and monitor the cloud efficiently to provide insight into performance and alert us to anomalous activities and behaviors? Could our data-driven system pose security threats to the analysts who are monitoring the cloud? What features are most salient for detecting attacks and anomalies? From an offensive side, can we mathematically determine the next probe to launch that maximizes information gain and minimizes possible detection? 3. In all likelihood, the security mechanisms of an agile cloud will be run in the cloud itself. We must therefore develop new algorithms for sensing, probing, and tracking that are well adapted to cloud platforms. What new demands are placed on statistical signal processing algorithms when we demand certifiable just-in-time performance from a cloud infrastructure with millions of nodes? What guarantees can be made about the stability and operating characteristics of such security deployments?