Hyper-converged Programmable Secure Communication in the Blob Computing Era
Abstract
Objective. We are witnessing the emergence of a new "blob" computing paradigm. Traditional enterprise IT infrastructures keep moving into clouds, which has resulted in several super clouds that can dominate the traffic on the Internet. This "blob"ification trend creates new opportunities to rethink the design of efficient and secure communications inside the blob, as all internal computing and communication components are fully under control and mostly software defined. Thus, it might not be necessary to use the traditional Internet one-standard-protocol-for-all model, which could cause unnecessary performance overheads and attack surfaces. In response to this new trend, we propose a novel hyper-converged programmable secure communication (HPSC) framework that can innovate the controllability through programmability (including customization capability) of secure communications across both host and network systems, covering the entire life cycle of the communication. Our solution does not need to modify host communication programs and is thus transparent to communicating parties. With our HPSC framework, one can design/deploy an HPSC control app to flexibly and dynamically program communication customization and security needs on the fly. For example, developers can customize the networking stack based on context information, add selective customization/encryption, monitor specific anomalies/threats, and/or respond to threats at both network and host system levels for any specified communication or host programs. Anticipated products of the proposed research include publications of scientific methodologies and algorithms, prototype implementations, and experimental evaluations of the effectiveness of our proposed techniques.
Approach. To achieve our goal, we have made a few key innovations. We propose to design new Programmable Networking Stacks (PNS) so that we can abstract network stack controllability from existing ossified host network stacks. We propose to design programmable system flows so that we can abstract system activities and security controllability at hosts. We design unified HPSC programmability that can unify our new host-side programmability with network-side programmability (e.g., SDN/NFV). We design a unified control plane for that purpose and enable developers to design HPSC control apps to control blob-wide communications across hosts and networks. Finally, we also provide new techniques to validate and verify the conformance and user-intended properties of those HPSC control apps.
Impact and Merit. The proposed research is expected to significantly advance the state of the art of secure communications in the new blob computing era. The new programmable control capability across host and network systems can make transformative contributions to how current enterprises, data centers and cloud computing are built and managed. In particular, project outcomes will facilitate the Navy's adaptation and integration of the new HPSC solution into mission-critical operating environments.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Nov 26, 2019
- Source ID: N000142012734
Entities
People
- Guofei Gu
Organizations
- Office of Naval Research
- Texas Engineering Experiment Station
- United States Navy