Smart Isolation in Large-Scale Production Computing Infrastructures - April 2016

Submitted by drwright on Thu, 03/10/2016 - 11:17am

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Adwait Nadkarni, Luke Deshotels

HARD PROBLEM(S) ADDRESSED

Resilient Architectures - Our current focus is the creation and validation of a classification system of existing security isolation techniques, through which we will identify underlying design principles and tradeoffs that will lead to the design of next generation smart isolation techniques to support resilient architectures.

PUBLICATIONS

ACCOMPLISHMENT HIGHLIGHTS

We have created an initial dataset for analysis of Docker images used to isolate functionality. The dataset consists of 19,882 Docker community images. Preliminary results indicate 97% of the images have at least one known vulnerability, with an average of 141 vulnerabilties per image.
We performed a in-depth case study on a popular Email application that demonstrates the how lazy polyinstantiation can practically and security separate personal and work data without modifying applications.

Groups:

NCSU Science of Security Lablet Research Initiative