How IARPA invents its way to security

Rather than trying to improve the security "of the cloud," the Intelligence Advanced Research Projects Agency wants to use the cloud to increase security.

According to IARPA Program Manager Kerry Long, security problems like spear phishing are not the result of "stupid" users, but rather a function of the design of the interface they're required to work with. IARPA's plan "to invent its way out of the security problems," he said, resulted in the virtuous user environment, or Virtue.

Speaking at the FCW "Security Innovation in the Cloud" workshop in February, Long described how the Virtue program has sought to redesign the traditional desktop interface so that when users accidently click on links in spear phishing emails, for example, they are not opening the enterprise to attack. By separating apps and functions into separate cloud containers, Virtue creates an environment based on user roles – email reader/respondent, web researcher, database contributor, for example.  That means an attacker who gets into a user's email only sees email and can't connect to the computer's other applications.

A user-friendly presentation interface hides the virtual environment in which apps/roles function in separate containers.

"Imagine five or six virtual machines, basically running in the cloud, all separate, doing these different roles, so they're isolated from each other. But your interface hides that from you," Long said. "When you're opening Word, you don't realize you're running it in Germany, on a container there," he said. "You're on the cloud, you don't care."

VirtUE code and documentation will be released as open source so researchers, industry and innovators can use it to build more secure cloud-based products and services.

For additional coverage of cloud computing, check out GCN's Cloud & Infrastructure portal.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected