How IARPA invents its way to security
Rather than trying to improve the security "of the cloud," the Intelligence Advanced Research Projects Agency wants to use the cloud to increase security.
According to IARPA Program Manager Kerry Long, security problems like spear phishing are not the result of "stupid" users, but rather a function of the design of the interface they're required to work with. IARPA's plan "to invent its way out of the security problems," he said, resulted in the virtuous user environment, or Virtue.
Speaking at the FCW "Security Innovation in the Cloud" workshop in February, Long described how the Virtue program has sought to redesign the traditional desktop interface so that when users accidently click on links in spear phishing emails, for example, they are not opening the enterprise to attack. By separating apps and functions into separate cloud containers, Virtue creates an environment based on user roles – email reader/respondent, web researcher, database contributor, for example. That means an attacker who gets into a user's email only sees email and can't connect to the computer's other applications.
A user-friendly presentation interface hides the virtual environment in which apps/roles function in separate containers.
"Imagine five or six virtual machines, basically running in the cloud, all separate, doing these different roles, so they're isolated from each other. But your interface hides that from you," Long said. "When you're opening Word, you don't realize you're running it in Germany, on a container there," he said. "You're on the cloud, you don't care."
VirtUE code and documentation will be released as open source so researchers, industry and innovators can use it to build more secure cloud-based products and services.
For additional coverage of cloud computing, check out GCN's Cloud & Infrastructure portal.
Connect with the GCN staff on Twitter @GCNtech.