The University of Texas at Austin
  • Securing the cloud

    By Daniel Oppenheimer, College of Natural Sciences
    Published: Jan. 20, 2011
    Cloud computing. Image: Jonathas Rodrigues, Flickr/CC

    This story originally appeared on the Texas Science Web site.

    The future of the Internet could look like this: The bulk of the world’s computing is outsourced to “the cloud” — to massive data centers that house tens or even hundreds of thousands of computers. Rather than doing most of the heavy lifting themselves, our PCs, laptops, tablets and smart phones act like terminals, remotely accessing data centers through the Internet while conserving their processing juice for tasks like rendering HD video and generating concert-quality sound.

    Three big things need to be figured out for this cloud-based future to emerge. One is how the computers within these data centers should talk to each other. Another is how the data centers should talk to each other within a super-secure cloud core. The third is how the cloud should talk to everyone else, including the big Internet service providers, the local ISPs and the end-of-the-line users (i.e. us).

    This last channel, in particular, interests Michael Walfish, an assistant professor of computer science and one of the principal investigators of the NEBULA Project, which was awarded $7.5 million by the National Science Foundation to develop an architecture for making the Internet more cloud-friendly. If we’re going to be trusting so much of our computing lives to the cloud, he believes, we need to develop a more secure model for how information travels.

    Michael Walfish, assistant professor of computer science, is working to secure the future of cloud computing.

    “A sender should be able to determine the path that information packets should take,” Walfish said. “A receiver should not have to accept traffic that she does not want. An intermediate provider should be able to know where the packet’s been and should be able to exercise its policies about the downstream provider that’s going to handle the flow next.”

    Walfish’s system for providing such capacities, which he’s developing with colleagues at Stanford, the Stevens Institute of Technology and University of California-Berkeley, is called ICING. It’s a set of protocols that allow every packet of information not only to plot out a path from beginning to end, choosing every provider along the way, but also to establish a chain of provenance as it goes that proves, to both the intermediaries and the final recipients, that it came from where it said it was coming from.

    “What we do is take a packet, a unit of data, and we add some fields to the head of the packet,” said Walfish, who in 2009 won an Air Force Young Investigator Award for work related to ICING.

    “These fields contain enough cryptographic information to be able to communicate to every realm along the way, and back to the sender, where the packet’s been. So when a packet shows up, I know where it’s been. I know whether it obeys the policies of everyone along the path. That property does not exist today.”
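    The following is an added illustration of the idea described above, not ICING's actual header format or cryptography and not code from the NEBULA project: each realm on the sender-chosen path appends a MAC chained to the previous one, so the receiver can check where the packet has been. The realm names, the pre-shared keys and the HMAC chaining are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed per-realm keys; in this sketch the verifier shares one with each realm.
REALM_KEYS = {
    "sender-isp": b"k-sender-isp",
    "transit-a": b"k-transit-a",
    "transit-b": b"k-transit-b",
    "cloud-edge": b"k-cloud-edge",
}
ZERO = bytes(32)  # stands in for the "previous tag" at the first hop


def _tag(realm, index, path, payload, prev_tag):
    """MAC binding a hop to its position, the full path, the payload and the prior tag."""
    msg = (hashlib.sha256(payload).digest() + prev_tag
           + index.to_bytes(2, "big") + "\0".join(path).encode())
    return hmac.new(REALM_KEYS[realm], msg, hashlib.sha256).digest()


def new_packet(path, payload):
    """Sender picks every realm on the path up front."""
    return {"path": list(path), "payload": payload, "tags": []}


def forward(packet, realm):
    """A realm refuses packets for which it is not the next approved hop, else adds its tag."""
    index = len(packet["tags"])
    if index >= len(packet["path"]) or packet["path"][index] != realm:
        raise ValueError(f"{realm} is not hop {index} on the approved path")
    prev = packet["tags"][-1] if packet["tags"] else ZERO
    packet["tags"].append(_tag(realm, index, packet["path"], packet["payload"], prev))
    return packet


def verify(packet):
    """Receiver recomputes the chain: True only if every listed realm handled it in order."""
    if len(packet["tags"]) != len(packet["path"]):
        return False  # a hop was skipped or the packet left the path early
    prev = ZERO
    for index, (realm, tag) in enumerate(zip(packet["path"], packet["tags"])):
        if realm not in REALM_KEYS:
            return False
        expected = _tag(realm, index, packet["path"], packet["payload"], prev)
        if not hmac.compare_digest(expected, tag):
            return False
        prev = tag
    return True
```
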

    The advantages of such knowledge, Walfish said, should be considerable. Senders, for instance, could contract with intermediate providers for a kind of expressway through the Internet. Recipients would have an easier time sorting their incoming traffic into different levels of priority depending on the routes the packets took.

    Perhaps the greatest advantage of adopting a system like ICING, Walfish said, would come in the area of security. Targets of various kinds of Internet attacks, like denial-of-service attacks, would be able to sever traffic from their attackers faster and with much greater precision. Governments would be able to set up channels of communication that pass through only well-vetted and highly-trusted service providers. Internet security companies could, from anywhere in the world, inspect your traffic for viruses.

    “Right now, there are ways to deal with attackers, but they’re crude, and they’re reactive,” said Walfish. “Once the traffic enters the victim’s network link, you’re hosed. All you can do is shut it all down. It would be like if you had a huge line of people coming into your office, not letting you get work done. You could kick them all out, but you still wouldn’t get any work done because you’d spend all your time kicking them out. What you really need is for them to not show up in the first place.”

    • Cinsel Sağlık Ürünleri said on Oct. 29, 2011 at 7:30 a.m.
      +1 It’s onerous to seek out educated individuals on this subject, but you sound like you recognize what you’re talking about! Thanks
    • Olympics Medal Tally said on Sept. 1, 2011 at 5:37 a.m.
      Michael, I wish you all the best for your research. Cloud Computing is the Future of Internet and no one can disagree with it. As an entrepreneur I totally rely on Cloud and I personally think it needs more security. Make it Safe.
    • miguel said on Aug. 24, 2011 at 7:03 p.m.
      Very informative post related to this problem. I hope to see another announcement as educational as this one again. Thank you very much
    • Janessa Scaman said on May 1, 2011 at 12:23 a.m.
      It’s onerous to seek out educated individuals on this subject, but you sound like you recognize what you’re talking about! Thanks
    • Outdoor String Lights said on April 25, 2011 at 12:28 a.m.
      Very insightful article, not the typical fluff piece that we always see nowadays. The writing was very concise and had loads of useful info. Thanks a lot for sharing this. I will be coming back pretty soon to learn more!
    • Bruce Honeycut said on April 2, 2011 at 4:26 a.m.
      51. What I don't realize is in fact how you're no longer really a lot more smartly-favored than you may be right now. You're very intelligent. You realize therefore considerably relating to this topic, made me in my view consider it from a lot of various angles. It's like men and women don't seem to be fascinated until it is something to accomplish with Lady Gaga! Your individual stuffs excellent. Always take care of it up!
    • Loan Malchow said on March 15, 2011 at 11:45 p.m.
      It's like you read my mind! You seem to know so much about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a bit, but other than that, this is great blog. An excellent read. I'll definitely be back. parfum
    • West Bengal Election 2011 said on Feb. 10, 2011 at 12:25 a.m.
      Thanks for this great article. I really enjoyed it.
    • JG said on Jan. 25, 2011 at 12:24 a.m.
      I too agree. Companies will continue to consolidate systems in efforts of being cost-centric. The cost of doing business is rising. It's as clear as an LED sign relentlessly capturing its audience's attention. Currently where I work we have consolidated everything but the heavy I/O databases into our cloud. It has saved our company thousands of dollars in electricity, hardware, and after hours support.
    • Tweets that mention Securing the cloud « Know -- Topsy.com said on Jan. 21, 2011 at 6:56 a.m.
      [...] This post was mentioned on Twitter by Yuly Stevsky, DAVID L JOHNSON and Cloud Models, Domain-inventory.com. Domain-inventory.com said: Securing the cloud - http://www.utexas.edu/know/2011/01/20/cloud_computing/ [...]