Securing Scientific Cyberinfrastructures from Advanced Attacks
ECE Assistant Professor Xiaolin Xu is leading a $1.2M NSF grant, in collaboration with ECE Professor Miriam Leeser and Mike Zink from the University of Massachusetts, for “CAREFREE:Cloud infrAstructure ResiliencE of the Future foR tEstbeds, accelerators and nEtworks.”
Abstract Source: NSF
Cyberinfrastructure in the form of cloud computing has become the main workhorse for accelerating modern scientific exploration, discovery, and advancement. Several research clouds are available and give scientists from diverse research domains access to significant new cyber-infrastructure approaches that are unavailable through commercial cloud offerings. Like their commercial cloud counterparts, the scientific workloads running on these systems require security, and the scientists using these cutting-edge systems wish to preserve the integrity and confidentiality of their data and programs. In addition, they expect robust system availability without worrying about disruptions caused by attacks. Since these testbeds offer bare metal resources to support systems research they have an increased attack surface (in comparison to commercial clouds), which makes them less secure. As a consequence, the goal of this project is to secure scientific cyberinfrastructures (in the form of next-generation cloud systems) that include network-attached accelerators.
This project aims to develop the next-generation resilient cloud infrastructure. The research investigates cyberinfrastructure security from a cross-layer perspective by focusing on both networking and hardware accelerators. Its complementary research thrusts build on the Open Cloud Testbed. This experimental testbed is isolated from public networks and is an ideal platform for addressing security issues where attacks can be launched, identified, and mitigated. This research has three thrusts. First, it identifies advanced attack strategies leveraging vulnerabilities associated with the network layer. Second, it defines and explores three classic security concerns; confidentiality, integrity, and availability; which can be compromised by an adversary leveraging hardware accelerator vulnerabilities. Third, it explores efficient and scalable defense solutions with a co-design strategy for hardware/software/network. Collectively, it integrates these cross-layer defense solutions with the existing infrastructure and develops benchmarking for evaluation and transition to other research cyberinfrastructures.