IARPA's vision for High-ClaaS cloud security
Dedicated to pursuing high-risk/high-payoff research into some of the most intractable tech problems, the Intelligence Advanced Research Projects Agency is working on securing the cloud, down to the servers.
Rather than locking down data by isolating the cloud, IARPA's High CLaaS (for classified as a service) program aims to encourage development of technologies that would enable highly isolated computing tasks on shared commercial clouds.
Speaking at FCW's recent "Security Innovation in the Cloud" workshop, IARPA Program Manager Kerry Long said that rather than putting the cloud in the intelligence community's isolated environment, IARPA wants to move the isolation to the cloud. If agencies could come up with metrics for exactly what they require in terms of isolation and custody, cloud providers could develop "classified as a service" offerings to sell to customers requiring very high levels of security, such as the financial or pharmaceutical industries, as well as the IC.
"We want to be able to rent a resource from the cloud provider and completely isolate it from everyone – including the cloud provider," Long said. And when IARPA's done using the resource, the cloud provider could rent it to someone else, even an adversary, which would require re-engineering the communications and storage channels wired into the servers.
Rather than architecting new chips, IARPA envisions renting bare metal nodes -- bare metal as a service -- so the isolation boundary is the server itself.
See the full discussion of the High CLaaS program, which starts at 17:15. In the first part of his presentation, Long discusses the Virtue program.