Cyberinfrastructure is undergoing a radical transformation as traditional data centers are replaced by cloud computing. Cloud hosted applications tend to have a poorly defined network perimeter, large attack surfaces, and pose significant challenges for network visibility, segmentation, and authentication. We discuss research from the NSF SecureCloud project, which addresses the unique requirements of cloud security using an autonomic, zero trust architecture. We have created and tested original software using a first-of-a-kind cybersecurity test bed constructed at the New York State Cloud Computing & Analytic Center, Marist College. We developed the first honeypot for software defined network (SDN) controllers , and created honeypots for graph database APIs, SSH, and other applications. These honeypots collect raw data telemetry, which is processed into actionable threat intelligence using our Lightweight Cloud Analytics for Real Time Security (LCARS), an SIEM that includes the G-Star graph database and hive plot visualizer. We have built a threat intelligence database including attack patterns and orchestrated response recipes. We demonstrate dynamic reconfiguration using REST APIs for network appliances, while we cloak high risk applications using a combination of Transport Layer Access Control and First Packet Authentication. Use cases include reconfiguration of trust levels in response to distributed denial of service (DDoS) and other attacks.
About Trusted CI: Trusted CI is the NSF Cybersecurity Center of Excellence. See our website trustedci.org.
*NOTE:* Be sure to check your SPAM/JUNK folder for the registration confirmation email.