Fine Grained Protection for Scalable Single-Use Services
Popular Internet servers and web sites may serve thousands of users simultaneously. To handle this volume of activity, these servers share resources such as processors, memory, and hard disk space. These shared resources give an attacker who successfully exploits a vulnerability in the server an avenue to affect the other users connected to it. This research project aims to eliminate this risk by creating an individual, customized server instance for each user that runs within an isolated single-use container. When the container isolation is carefully managed, this technique prevents an attacker from affecting other users, even if the attacker exploits a server instance within a container. The project explores innovative techniques to achieve both scalability and security for these containerized services. With over 3 billion people using the Internet, many of whom interact with user-facing servers multiple times a day, the project's outcomes can broadly impact society's computer security. In addition to preventing attackers from affecting other users, the container approach enables detailed forensics so that defenders can learn from attacks. The research project additionally provides educational opportunities for undergraduate and graduate students as well as outreach activities for the community.
To create these single-use containers, the project explores new techniques across the areas of operating systems, network controllers, authentication, and capability management. The project's first research direction explores opportunities to create new operating system and network-function virtualization techniques that scale to large numbers of containers on each host. A second research direction focuses on the design and implementation of new network and container management algorithms so that flexible security policies can be applied on a per-user basis. A third research direction explores how to manage the access rights and identity associated with each container so that its permissions are tailored to match those the user holds on the client. A final research direction explores the automated response mechanisms and forensic collection measures needed to understand and reconstruct attacks. These techniques allow defenders to learn the details surrounding a container vulnerability each time an attacker compromises a container. In combination, these research activities shift the security advantage to the server operator by transforming previously destructive attacks into instructive lessons for the defenders.
Watch PI Shue describe our approach: