U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

Security of Cloud-Based Systems

Cloud computing is rapidly transforming information technology in both the private and public sectors.  Cloud-based solutions provide significant scalability, realize significant cost effectiveness, can be quickly deployed and provisioned, and can enable full transparency in managing operational costs.  Because of this, organizations face enormous pressure to incorporate cloud solutions into their operational environment.  However, the novel combination of technologies used to implement cloud services introduces new vulnerabilities to malicious attack, which will only increase as more applications and platforms move to cloud environments. 

Cloud Types Overview Diagram, Private Cloud, Public Cloud, Hybrid Cloud
Overview of the different types of cloud. Private Clouds are clouds where the underlying infrastructure is completely under the control of and dedicated to the consuming organization. Private Clouds allow for more finely grained security controls, however many of the cost efficiency potential of cloud cannot be realized.  Public Clouds are external to the organization, and may involve co-tenancy on infrastructure offered to other customers of the Cloud Service Provider. While this offers cost savings, it can also invoke security concerns.

Motivation

Enterprises that are migrating systems to the cloud are often concerned about the risk the cloud platform poses. They are unable to evaluate those risks because the underlying cloud infrastructure is owned by another organization and vulnerabilities may not be readily apparent.  Current cloud computing security approaches are based on virtualization, separation and access control. Compromised computing nodes must be manually identified and disinfected, and they cannot be quickly recovered in the face of automated and persistent attack. 

Approach

A comprehensive cloud security solution must be resilient in the face of significant node corruption and must incorporate regenerative capabilities that can ensure the continued mission effectiveness of the system.  Current solutions to prevent an attacker from stealing a compromised node’s data require unacceptably high bandwidth, which can significantly slow systems. These approaches also assume a static architecture, a situation that inherently favors the attacker since it provides them with time to discover the network’s architecture and layout and implement an effective attack.

In order to address these and other challenges, CSD will develop several technologies within the Security for Cloud-based Systems program. This work focuses on developing and deploying cloud investigation and auditing tools and capabilities, technologies that allow for advanced virtual machines (VM) management, methods that provide for secure multiparty computing as well as the development of other technologies to secure the end-points in a cloud system.

Contact

Program Manager: Edward Rhyne

Email: SandT-Cyber-Liaison@hq.dhs.gov

Performers

Prime: ATC-NY - Silverline

Prime: HRL Laboratories - Cloud-COP

Prime: Intelligent Automation Inc. - Self-shielding Dynamic Network Architecture (SDNA) in the Cloud

Prime: Private Machines - ARMOR

Last Updated: 01/23/2023
Was this page helpful?
This page was not helpful because the content