STONY BROOK, NY, August 20, 2012
As companies, governments, and individual users adopt increasingly diverse computing platforms, from outsourced cloud computations to personal laptops and mobile devices, enforcing uniform security policies across these platforms becomes unwieldy.
Similarly, regulatory compliance and business auditing requires tracking the history of this data in a comprehensive, secure, and platform-independent manner. Unfortunately, technology has not kept pace with these practical concerns, and several systems and security research challenges must be addressed to make this vision a reality.
There is a natural and under-explored connection between understanding the origins of data and using that data's history to enforce security policies. To leverage this connection, PIs Porter and Sion are developing a comprehensive, general framework for automatically tracking the history of data and enforcing associated security policies in cloud computing environments. The research focuses on three key research challenges. First, the project investigates novel applications of virtualization technologies to transparently infer data provenance by inspecting a guest operating system (OS) and applications. Second, this project is developing techniques to securely store, manage, and query provenance data at cloud scale. Finally, the project combines the first two technologies to transparently and collaboratively enforce security policies throughout the cloud and end-user systems.