Secure and Resilient Cloud Computing for the Department of Defense

Imagine a military commander who urgently needs a specialized computing capability to analyze new intelligence, surveillance , and reconnaissance (ISR) data and integrate those data with existing ISR information. The commander directs his information technology (IT) staff and developers to design this capability. The staff quickly provision computing hardware from a Department of Defense (DoD) cloud and compose the software and services needed to ingest, enrich, create, and share knowledge from the data while ensuring that the resulting capability remains secure and resilient (i.e., able to continue operations after a disruption). Within days, the staff has an initial system for analyzing the ISR data up and running. In the following weeks, they enhance the system by creating new features and adding capacity for even more data. This vision for agile, inexpensive cloud computing could revolutionize the way the DoD operates, and Lincoln Laboratory is building the next-generation secure cloud computing systems that could enable that vision. Marketers have made the term cloud synonymous with ubiquitous, convenient computing. Digging below this simplified description, we find that cloud computing is a model for deploying software and hardware resources at lower cost and with greater flexibility than deploying typical enterprise computing resources. The defining attributes of cloud computing include on-demand self-service, broad network access, resource pooling, rapid elasticity (i.e., ability to adapt quickly to changing Cloud computing offers substantial benefits to its users: the ability to store and access massive amounts of data, on-demand delivery of computing services, the capability to widely share information, and the scalability of resource usage. Lincoln Laboratory is developing technology that will strengthen the security and resilience of cloud computing so that the Department of Defense can confidently deploy cloud services for its critical missions.

[1]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[2]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[3]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[4]  Roger Khazan,et al.  Lincoln Open Cryptographic Key Management Architecture , 2012 .

[5]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[6]  Joseph P. Campbell,et al.  Iris Biometric Security Challenges and Possible Solutions , 2015 .

[7]  Robert K. Cunningham,et al.  Computing on masked data: a high performance method for improving big data veracity , 2014, 2014 IEEE High Performance Extreme Computing Conference (HPEC).

[8]  Michael Gertz,et al.  Authentic Third-party Data Publication , 2000, DBSec.

[9]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[10]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[11]  Trent Jaeger,et al.  Justifying Integrity Using a Virtual Machine Verifier , 2009, 2009 Annual Computer Security Applications Conference.

[12]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[13]  Kevin M. Carter,et al.  Probabilistic Threat Propagation for Network Security , 2014, IEEE Transactions on Information Forensics and Security.

[14]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[15]  Arkady Yerukhimovich,et al.  A survey of cryptographic approaches to securing big-data analytics in the cloud , 2014, 2014 IEEE High Performance Extreme Computing Conference (HPEC).

[16]  Robert K. Cunningham,et al.  Automated Assessment of Secure Search Systems , 2015, OPSR.

[17]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[18]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[19]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[20]  M. Goodrich,et al.  Efficient Authenticated Dictionaries with Skip Lists and Commutative Hashing , 2000 .