Overview

We believe that the shift to cloud computing offers a rare opportunity to usher in a much-needed era of improved information security. To help the community capitalize on this opportunity, we are pursuing a research, industry engagement, and education agenda that takes a step back from current trends, rethinks how we can approach security in the face of the shift to cloud computing, and leverages this shift to make significant progress on solving long-standing, open security problems.

Our research vision, perhaps controversially, deviates from the prevalent cloud research zeitgeist, which casts the move to cloud computing as largely detrimental to tenant security. Instead we seek to exploit the opportunities inherent in leveraging cloud providers as trusted partners to improve tenant security. In taking this perspective, we believe that security, like performance, cost, and scalability, can benefit from the key trends underlying the shift to cloud computing, such as the aggregation of services into infrastructure-as-a-service (IaaS) providers and the resultant economies of scale. Concretely, we are pursuing research along three main thrusts:

  • We are re-envisioning trust management via a new authorization and audit framework, which can percolate trust assertions based on novel mechanisms that allow the provider or even cloud tenants to perform automated audits of the security posture of (other) tenants or cloud clients;
  • We are uncovering new opportunities for monitoring and diagnosis of a range of behaviors, using the provider to facilitate the aggregation of relevant data across the broad tenant base; and
  • We will realize all this with an agile security platform that enables fluid, automated insertion of security monitors into appropriate loci within the cloud infrastructure, with new managed encryption protocols to protect tenant data to and from these monitors.

These research thrusts were inspired in part by recent measurements we performed about the state of existing commercial public clouds. We will expand on this empiricism, by building a cloud observatory measurement platform that will continuously monitor the state of public, industry cloud systems for the lifetime of the project. The resulting datasets will educate our research and others’ to ensure that the needs of real systems are addressed.

To enhance our research and its impact, we will seek out industry collaborators and reach out more broadly to industry by organizing a Cloud Security Horizons summit series. These will bring together practitioners, researchers, and government to discuss the way forward on leveraging clouds to improve computing security.