May 9, 2011

Air Force, University of Illinois Take Aim at Cloud Challenges

Nicole Hemsoth

This week the University of Illinois, the Air Force Research Laboratory and the Air Force Office of Scientific Research launched a new initiative to tackle some of the most persistent security and data integrity related issues that plague the cloud. We discussed the effort and its projected outcomes with the project lead, Dr. Roy Campbell.

When natural disasters strike, oftentimes diverse nations heed the call of the country in peril sending both supplies and tactical support. Although there are pipelines to streamlines these rescue efforts, roadblocks can occur when the country in crisis has unstable relationships with the source of aid.

According to researchers supporting a new effort to improve military networks across borders using cloud computing resources, “staging such an operation would be risky without a cloud infrastructure that has secure properties.” As they note, assuring a successful mission in a possibly hostile environment that benefits from the communications, computations and applications of cloud computing isn’t possible without networks that operate seamlessly and securely and within a framework of trusted practices and standards.

To address complications such as these that routinely emerge in military contexts, the University of Illinois unveiled a new research initiative today aimed at creating a more secure, robust environment for military applications as they traverse government and third-party networks.

Coined the Assured Cloud Computing Center, the new program will be backed by $6 million from the U.S. Air Force Research Laboratory Technology Directorate (AFRL) which will work in tandem with the university and the Air Force Office of Scientific Research (AFOSR).

The center will be located within the University of Illinois Information Trust Institute where a team of dedicated researchers will set to work tackling some of the cloud’s most pressing issues, especially in the context of military applications living in the cloud.

The team’s most significant efforts will be concentrated on the matter of “blue” and “gray” networks and the associated problems of security, confidentiality, data integrity and communications—not to mention the general functionality of the applications that require such data protection-related scrutiny.

Dr. Roy Campbell, the Sohaib and Sara Abbasi Professor in the Department of Computer Science at Illinois provided details about the numerous distinctions between “blue and gray” networks. He stated in a release today that “A computational cloud used in military applications may include both blue and gray networks, where ‘blue’ networks are U.S. military networks, which are considered secure—and gray networks, which are those in private hands or perhaps belong to other nations that are considered unsecure.”

Campbell noted that these distinctions and the concerns they bear are critical considerations for the future of military cloud computing because for some military goals, there will be benefits to coordinating computation across a blend of these two resource types.

To follow up with the announcement of the Assured Cloud Computing Center, we asked Dr. Campbell a few additional questions about the scope of cloud security problems, especially as they relate to military applications and touched on some tangential matters, including how this research will extend to the clouds of the future.

HPCc: Give us a personalized account of the current state of cloud computing security: is it overhyped as a problem–after all, there are also potential breach possibilities with in-house systems for the U.S. military. In other words, what specific security problems are involved with military cloud computing?

Campbell: The current state of cloud computing security is clearly lacking as has been demonstrated recently (say by Sony).  Whether the state of cloud computing is overhyped depends on what are risks and costs of compromise.

The model of a cloud computing environment is evolving quickly. The Air Force must be able to conduct network-centric warfare as well as missions of national importance. Clearly, in many circumstances, assurances in the forms of security and dependability are crucial to the successful outcome of the mission. Now, however, throw into the mix the need for the Air Force to perform international operations using both military and non-miltary IT resources and you have additional complexity. To this end,  Assured Cloud Computing has to be end-to-end and cross-layered. It has to operate over multiple security domains.  Now, when the lives of personnel of the Air Force  and our national interest may depend on the correct functioning of the cloud,the need for assured cloud computing becomes a priority.

HPCc: Why is the Air Force so keen on the clouds? What is the advantage for them to have remote access to applications?

Campbell: The Air Force depends very heavily on surveillance, remote sensing, drones, complex computer controlled weapon systems, and powerful computers capable of complex analysis.  Missions can be viewed as complex flows of information from sensors, through command and control, to actuation.

Speed and availability is of the essence. In conducting international missions, the Air Force may not have a complex network at its disposal.  In many emergency situations and natural disasters, infrastructure can be damaged and communications and operations may need other IT support.

Assured cloud computing gives the Air Force the advantage of being able to get the right resources for a mission from a range of available sources.  It clearly helps to provide the Air Force an edge that will allow them to succeed in their missions.

HPCc: Do you see increasing collaboration across the blue and gray computational networks? In other words, many often assume that military applications are housed exclusively on military networks–is this a hybrid cloud model you see emerging in the future (some mission-critical apps on in-house, blue machines) where the other less mission-critical/security-aware applications are being sent to a third-party provider? Give us a sense of this landscape.

Campbell: When the military is conducting a mission, a successful outcome is paramount. The question becomes what does it take to conduct the mission and what is available to allow that to happen. We have already observed natural disasters that have taken out critical infrastructures that are vital to rescue missions (for example in Japan.)  When that happens, the military needs the ability to use resources.

HPCc: There are a lot of references to “blue” and “gray” networks and issues revolving around cloud security as a loose concept, but let’s get more specific–where do you start tackling some of cloud’s security issues? There are so many layers that are involved so better yet, what is the first/most important item of business for your research team on this security front?

Campbell: There are lots of security solutions to problems but knowing how they apply to a particular system and being able to use them for a specific mission is difficult. I expect we will find problems for which we cannot yet provide a solution and our researchers will have to investigate. Firewalls, IDS systems, encryption technology, access controls are all resources we can use. But the problem is getting a mission completed and what it takes to do it in an assured manner.  

One technology we will definitely be deploying is the modeling and simulating of systems to understand better what are the vulnerabilities and problem. We will also be looking at more appropriate access controls that can be deployed across mixtures of blue and gray networks and how we can monitor systems for better security analysis. I expect quite a lot of our first year in this grant will be collaborating with our Air Force researchers in understanding the complete spectrum of the problems faced by our Air Force and documenting them in terms of what technologies can be sued to solve them.

HPCc: What lessons from this initiative can be passed along to the public eventually–are there some core security or other developments you’re working with that will find their way into public cloud provider arsenals? Explain in other words the “trickle down” effect that you think might happen.

Campbell: We have developed clouds as a means of providing humanity an inexpensive and pervasive means of computation and communication. What we haven’t done yet, and our center hopes to address, is how to provide that computation and communication in a manner that is trustworthy and available…. that is assured for the various missions that humanity might need in the future. This Air Force initiative is an important first step.

Share This