How IARPA invents its way to security

Rather than trying to improve the security "of the cloud," the Intelligence Advanced Research Projects Agency wants to use the cloud to increase security.

According to IARPA Program Manager Kerry Long, security problems like spear phishing are not the result of "stupid" users, but rather a function of the design of the interface they're required to work with. IARPA's plan "to invent its way out of the security problems," he said, resulted in the virtuous user environment, or Virtue.

Speaking at the FCW "Security Innovation in the Cloud" workshop in February, Long described how the Virtue program has sought to redesign the traditional desktop interface so that when users accidently click on links in spear phishing emails, for example, they are not opening the enterprise to attack. By separating apps and functions into separate cloud containers, Virtue creates an environment based on user roles – email reader/respondent, web researcher, database contributor, for example.  That means an attacker who gets into a user's email only sees email and can't connect to the computer's other applications.

A user-friendly presentation interface hides the virtual environment in which apps/roles function in separate containers.

"Imagine five or six virtual machines, basically running in the cloud, all separate, doing these different roles, so they're isolated from each other. But your interface hides that from you," Long said. "When you're opening Word, you don't realize you're running it in Germany, on a container there," he said. "You're on the cloud, you don't care."

VirtUE code and documentation will be released as open source so researchers, industry and innovators can use it to build more secure cloud-based products and services.

For additional coverage of cloud computing, check out GCN's Cloud & Infrastructure portal.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.