This Small Business Innovation Research (SBIR) Phase II project will design and build a technology platform that allows cloud infrastructures to run clients' tasks with full computation privacy. The cloud provider itself is unable to access to customers' workloads even in the presence of malicious-intent direct physical access to the hardware itself. The technology significantly increases cloud defense capabilities, and provides strong computation privacy, and regulatory compliance guarantees to any regulatory- and security-sensitive customers. This level of security is achieved by (i) endowing a traditional infrastructure with a collaborative security layer of active transparent defense and control, a cloud ?immune system?, and (ii) new mechanisms that allow full computation privacy for outsourced tasks. The immune system has its own control network and can instantly share critical information and react independently for meaningful operation and fast recovery even under sustained attack and severe compromise. It also transparently monitors and accesses the server runtimes and can strongly react and immediately present a united defense across the entire cloud. Moreover, inherent privacy and confidentiality assurances allow safe computation execution and data hosting with full security, even in the case of a compromised curious service provider with full physical access to the infrastructure.
The broader impact/commercial potential of this project will manifest itself in all dimensions of our increasingly internet and cloud-reliant society and technology. Because clouds introduce significant risks, technology-backed comprehensive security and privacy assurances are essential to establish cloud computing as a truly viable alternative to in-house IT. Unfortunately, these guarantees are not achievable with any of today's offerings or research efforts, despite being direly needed by all major potential cloud adopters, including financial, governmental and healthcare markets, heavily governed by security, regulatory compliance and intellectual property constraints. As a result, rather than risk regulatory compliance breaches, and unauthorized access to proprietary business logic, these major markets have simply not adopted the cloud. Countless surveys outline security and privacy consistently as the top concern preventing adoption, and markets have reacted with strong reservations. This project develops a disruptive technology that bridges this gap and makes cloud adoption secure and attractive in all these markets. As a result it will lead to exponential cross-market growth. Finally, enabling cloud deployment with full computation privacy, regulatory compliance and data confidentiality will significantly increase enterprise agility and competitiveness.
