Mar 2019: The NSF CC-DNI SecureCloud Project
Cyberinfrastructure is undergoing a radical transformation as traditional data centers are replaced by cloud computing. Cloud-hosted applications tend to have a poorly defined network perimeter and large attack surfaces, and they pose significant challenges for network visibility, segmentation, and authentication. We discuss research from the NSF SecureCloud project, which addresses the unique requirements of cloud security using an autonomic, zero trust architecture. We have created and tested original software using a first-of-a-kind cybersecurity test bed constructed at the New York State Cloud Computing & Analytic Center, Marist College. We developed the first honeypot for software-defined network (SDN) controllers, and created honeypots for graph database APIs, SSH, and other applications. These honeypots collect raw data telemetry, which is processed into actionable threat intelligence using our Lightweight Cloud Analytics for Real Time Security (LCARS), an SIEM that includes the G-Star graph database and hive plot visualizer. We have built a threat intelligence database including attack patterns and orchestrated response recipes. We demonstrate dynamic reconfiguration using REST APIs for network appliances, while we cloak high-risk applications using a combination of Transport Layer Access Control and First Packet Authentication. Use cases include reconfiguration of trust levels in response to distributed denial of service (DDoS) and other attacks.
Speaker Bio: Casimer DeCusatis is an Assistant Professor at Marist College. He is a Cisco Distinguished Speaker, Fellow of IEEE, OSA, SPIE, and recipient of the following awards: IEEE Kiyo Tomiyasu, IEEE R1 Cybersecurity Education, Sigma Xi Walston Chubb, Mensa Copper Black, PSU Outstanding Alumnus, and IEEE/HKN OYEE. He received his M.S. (1988) and Ph.D. (1990) from RPI and his B.S. from Penn State (1986).