Smart Isolation in Large-Scale Production Computing Infrastructures - January 2016

Submitted by drwright on Tue, 12/01/2015 - 2:08pm

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Adwait Nadkarni

HARD PROBLEM(S) ADDRESSED

Resilient Architectures - Our current focus is the creation and validation of a classification system of existing security isolation techniques, through which we will identify underlying design principles and tradeoffs that will lead to the design of next generation smart isolation techniques to support resilient architectures.

PUBLICATIONS

ACCOMPLISHMENT HIGHLIGHTS

We continued to develop our component vulerability analysis framework for the currently most popular component-based computing framework. We are close to complete the first version of the continuous stream-based docker image security vulenerability analysis framework.
We created a formal security argument to show that our lazy polyinstantiation primitive for DIFC is at least as secure as floating labels.

Groups:

NCSU Science of Security Lablet Research Initiative