Visible to the public InTrans: Modular Security on an Open CloudConflict Detection Enabled

Project Details

Lead PI

Performance Period

Oct 01, 2019 - Sep 30, 2021


Trustees of Boston University


National Science Foundation

Award Number

This project explores the intriguing possibilities that result from the combination of two tools: cryptographic software that distributes any computing task over several machines with strong security guarantees as long as the machines are isolated, and a multi-provider cloud datacenter that offers to any tenant the ability to rent multiple isolated machines that are administered by different organizations. The project's novelties are to optimize cryptographically secure multi-party computation (MPC) for use in a multi-provider datacenter, leveraging the security properties already provided by such datacenters. The project's impacts are open-source software packages that provide a compelling application for cloud datacenters like the Mass Open Cloud (MOC) that adopt a multi provider approach. The research in this InTrans project is of strong interest to two industrial partners, Honda Research Institutes and Red Hat, and it builds on top of the work performed in the Modular Approach to Cloud Security Frontier project.

In more detail, this cross-disciplinary project encompasses three sets of tasks that span cryptography and distributed systems. First, the investigators explore opportunities to improve and optimize the algorithmic design of MPC toward specific scenarios for which we have observed large interest by our industry partners and others. Second, the investigators adapt and optimize system software and existing MOC tools to improve MPC's networking and distributed computing steps. Third, the investigators perform a universal composability (UC) security analysis of the MOC's security-relevant systems in order to determine the extent to which can contribute toward MPC. These three tasks are co-dependent: for instance, a UC model of the MOC can provide insights into the design of new MPC algorithms that combine software with partially trusted hardware and to validate whether the cloud meets the pre-conditions required by MPC (such as isolation between nodes).