Cloud & Security Lab

cloud


Cloud & Security Lab News


HP Labs Science Lecture - Science and non-science in alcohol and drugs policy with Dr David Nutt   » Register

Dynamic Defence - ZDNet UK Article   » Read More

BBC take a tour of the Bristol Labs   » Read More

Mission

Cloud computing is starting to change the way businesses, governments and consumers work, live, play and socialize. However, trust and security continues to remain a key obstacle to its ultimate success.

That's why HP's Cloud and Security Lab are centering its research on technologies that enable safe participation in this new world, addressing challenges such as scale, flexibility, the sharing of sensitive information and the growing capabilities and motivations of the attacker.

In the world of security, privacy, and the real threat of censorship (as entities and individuals fight for the control of public networks and content) – the bleak futures of cyberpunk science fiction are all too possible. Regarding our cyber-security, a state of advanced, persistent threat exists. But most currently proposed technology "fixes" scale poorly (especially in a world of pervasive cloud services and emerging exascale IT infrastructure), put control in the hands of the few (experts, companies, and government agencies), and barely acknowledge the complexities of cross-border governance. Today's defenses are an art and a cottage industry rather than an engineering discipline, and that is something that needs to be changed.

HP Labs research in security will lead this change by borrowing from the way biological systems defend themselves, blending both command and control structures with peer-to-peer mechanisms – resulting in proactive dynamic defense systems. As our physical and virtual worlds are instrumented to enable intelligence and automation, proactive dynamic defense systems will need to be embedded. HP Labs' vision is to support the complete security lifecycle through a better science of security, allowing more user-controlled, analytic approaches to risk to automatically drive policy, security configuration and data collection, and service choices so that better assurance can be provided.

Research opportunities and challenges

Securing the cloud

The continued growth of organized cybercrime, the deeper alignment of business and IT, the rapid adoption of social networking tools and cloud-based services, and the blurring boundary between personal and work life, all make security harder to understand yet increasingly important to everyone who wants to participate in the Cloud. We believe the current and traditional ways of doing security are running out of steam and do not scale well for these future challenges and infrastructures. We need to:

  • create new ways of thinking about security
  • design and build infrastructure and tools more appropriate to this future world

There are many challenges which need to be addressed:

  • understanding cyber-risk
  • how to model threats, security resources, controls and outcomes
  • how to deal with sophisticated attacks
  • how to automate security
  • building trusted infrastructures
  • what to monitor in terms of privacy
  • how to address assurance and privacy
  • service lifecycle management( describe, customize, deploy, adapt, migrate, and tear-down)
  • big data for security
  • large scale cloud infrastructure

Current Research projects

G Cloud

Develop a cloud infrastructure with government grade security, while maintaining flexibility and efficiency and making sure that services are protected against future cyber attacks. HP Labs in Bristol have created a state of the art Innovation Theatre to house the demonstrator, where HP government and enterprise customers can come and brainstorm with HP Labs researchers to improve their understanding of the cloud.

Dynamic Defence

The goal of the Dynamic Defence project is to research how to provide an effective, fluid response to the constantly changing and severe threats to Cloud and Enterprise IT systems. We are building dynamic protection, detection and responses that will:

  • get more value from the security data which is already collected today
  • and change the game for defending against threats we will be facing tomorrow

We are adopting a range of approaches including: self instrumenting the applications and services based on static and dynamic code analysis; randomizing as much of the infrastructure and responses as possible so as to make redundant much of the planning and reconnaissance required for the longer term advanced persistent threats; novel "white blood cell" like sensors that can detect component symptoms of modern malware; new techniques for analyzing big security data and sharing threat information across trust boundaries.

Ultimately, our goal is to build a self-tuning dynamic defence system for future IT infrastructures such as the Cloud which adapts itself according to the external threat environment.

External Collaborations

Cloud Stewardship Economics

A three-year Technology Strategy Board funded collaborative research project including HP Labs, The University of Aberdeen, The University of Bath, Sapphire, Validsoft, Marmalade Box and the Institute of Information Security Professionals (IISP). Lloyd's of London is acting as an external advisor and as a case study in cloud stewardship.

Managing information risk is a complex task that must continually adapt to business and technology changes. We argue that cloud computing presents a significant step change, and so implies a big change for the enterprise risk and security management lifecycle. Click here for more information

Trust Domains

Trust Domains is a three-year, Technology Strategy Board and EPSRC funded collaborative project, looking to address the problems related to information sharing within the cloud. The project is looking at ways of deploying systems in which information can be shared in a trustworthy manner and where we can ensure the integrity and provenance of information as well as ensuring it is kept confidential yet available - we describe such a solution as a Trust Domain.

For more information about the Trust Domains project please view the following reports: Framework and Usage Scenarios for Data Sharing – Interim Report.

For more information please view our Trust Domains Project Overview.

Previous Research Projects

Active Countermeasures

Active Countermeasures uses the same vulnerabilities exploited by attackers to protect against a potential threat and prevent widespread damage to network systems. It's directed at unknown machines -- those in enterprises that are unmapped or do not comply with security policy, and therefore represent vulnerable points in the network. Adaptive Countermeasures works like a vaccine by delivering a less virulent form of the disease, we are able to prevent that machine from being part of the environment that spreads the malignancy. The service provides an ongoing vulnerability analysis based on the latest advisories from major security organizations and other sources, registering the threats with the highest probability and risk. The HP distributed scanning tool is then used to scan the network for machines vulnerable to those threats and automatically deploy policy-driven mitigation techniques.

For further information click here.

Cirious

Developing foundational technologies needed to create an enterprise cloud software platform. Research areas in the lab include cloud-based and service-enabled applications; novel techniques for data center design and operations; and service-oriented IT.

EnCoRe

This 6-partner research collaboration, led by HP Labs, is investigating the role of consent lifecycle management as the basis for improved informational privacy, from the viewpoints of both the individual and the enterprise. Its vision is to make granting consent to the processing of personal information as easy and reliable as turning on a tap and revoking consent as easy and reliable as turning it off again. The project includes technical, business process, legal and social science research.

For more information visit www.encore-project.info

SE3D

SE3D, was a Watershed project sponsored by HP and Alias, bringing together over 30 media organisations, aspiring animators and industry veterans to create 11 films produced using cutting-edge technology. During the course of the programme, 500,000 CPU hours were used to render 500,000 frames of animation, using HP Labs prototype utility computing platform and 3D rendering service.

http://www.hpl.hp.com/se3d/

SmartFrog

SmartFrog is a technology for describing distributed software systems as collections of cooperating components, and then activating and managing them. SmartFrog consists of a language for describing component collections and component configuration parameters, and a runtime environment which activates and manages the components to deliver and maintain running systems.

For further information click here.

TrustCloud

TrustCloud addresses key issues and challenges in achieving a trusted cloud through the use of detective controls via technical and policy-based approaches. This project is led by HP Labs Singapore, in collaboration with HP Labs Bristol and ArcSight, Inc. For more information, please refer to our technical report.