Smart Isolation in Large-Scale Production Computing Infrastructures - July 2015

Submitted by drwright on Mon, 06/08/2015 - 3:36pm

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Sigmund (Al) Gorski, Ben Andow, Adwait Nadkarni

HARD PROBLEM(S) ADDRESSED

Resilient Architectures - Our current focus is the creation and validation of a classification system of existing security isolation techniques, through which we will identify underlying design principles and tradeoffs that will lead to the design of next generation smart isolation techniques to support resilient architectures.

PUBLICATIONS

ACCOMPLISHMENT HIGHLIGHTS

The survey paper on security isolation techniques is near complete. We are in the process of performing a final edit pass to ensure consistent language and writing style is used throughout the document. Reflections from writing the paper have led to two potential areas of research investigation. The first area considers the potential for adaptive and comprehensive isolaution using software container technologies (e.g., Docker). The second area considers the use of information flow control policy to provide adaptive isolation.

Groups:

NCSU Science of Security Lablet Research Initiative