Smart Isolation in Large-Scale Production Computing Infrastructures - January 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Adwait Nadkarni
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures - Our current focus is the creation and validation of a classification system of existing security isolation techniques, through which we will identify underlying design principles and tradeoffs that will lead to the design of next generation smart isolation techniques to support resilient architectures.
PUBLICATIONS
- Rui Shu, Peipei Wang, Sigmund A. Gorski III, Benjamin Andow, Adwait Nadkarni, Luke Deshotels, Jason Gionta, William Enck, Xiaohui Gu. 2016. A Study of Security Isolation Techniques. ACM Computing Surveys (CSUR). doi: 10.1145/2988545
  URL: http://dl.acm.org/citation.cfm?id=2988545
ACCOMPLISHMENT HIGHLIGHTS
- Our work detailing the analysis of Docker Hub images was accepted for publication at the 2017 ACM Conference on Data and Application Security and Privacy (CODASPY). The analysis studied over 350,000 images on Docker Hub from nearly 100,000 repositories and found that many known vulnerabilities (CVEs) are pervasive.
- We performed a feasibility study of a new approach to semi-automatically create an information flow policy that isolates user data according to user preferences. The study suggests that the new approach has significant potential for policy specification.