Smart Isolation in Large-Scale Production Computing Infrastructures - July 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Adwait Nadkarni
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures - Our current focus is the creation and validation of a classification system of existing security isolation techniques, through which we will identify underlying design principles and tradeoffs that will lead to the design of next generation smart isolation techniques to support resilient architectures.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
-
We built an initial framework for observing system effects (e.g., system calls, performance metrics) that result during the exploitation of vulnerabilities of software running within Docker containers. Those system effects will be used to build exploit detection models to trigger proper security isolation and patching process.