In this project, we are exploring the association between computing tasks (jobs) and the computing resources assigned to run those jobs to improve the ability to deploy tasks to satisfy security requirements. Historically, the owners of the computing tasks also owned their computing resources, so they configured their resources to run their tasks efficiently and securely. However, configuring tasks to run securely has become so complex that the key knowledge is now distributed among several parties: cloud vendors configure host systems, OS distributors configure cloud instances, customers configure their application programs and network policies. The goal is to be able to collect this expertise into a single model to reason about how to deploy computing tasks to satisfy their security requirements. To do this, we are integrating the myriad of integrity measurement mechanisms into a comprehensive integrity measurement framework to enable reasoning about the satisfaction of a computing task's data security from installation to completion. Using this model, we are building a customer-centric utility computing service to choose an assignment of resources for computing tasks that satisfies data security requirements. When a customer deploys a computing task via such a service, the service will construct integrity-verified channels to her running jobs, which are secure communication channels that guarantee that the data sender adheres to a data security policy. Using such services, customers will be able to deploy computing jobs among cloud resources managed by several parties, while assuring that their data security requirements are satisfied automatically.
