Research Spending & Results

Award Detail

Awardee:TRUSTEES OF INDIANA UNIVERSITY
Doing Business As Name:Indiana University
PD/PI:
  • XiaoFeng Wang
  • (812) 856-1862
  • xw7@indiana.edu
Co-PD(s)/co-PI(s):
  • Geoffrey C Fox
Award Date:08/17/2012
Estimated Total Award Amount: $ 500,000
Funds Obligated to Date: $ 500,000
  • FY 2012=$500,000
Start Date:09/01/2012
End Date:08/31/2017
Transaction Type:Grant
Agency:NSF
Awarding Agency Code:4900
Funding Agency Code:4900
CFDA Number:47.070
Primary Program Source:040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description:TWC: Small: Secure Data-Intensive Computing on Hybrid Clouds
Federal Award ID Number:1223495
DUNS ID:006046700
Parent DUNS ID:006046700
Program:Secure & Trustworthy Cyberspace
Program Officer:
  • Sol Greenspan
  • (703) 292-7841
  • sgreensp@nsf.gov

Awardee Location

Street:509 E 3RD ST
City:Bloomington
State:IN
ZIP:47401-3654
County:Bloomington
Country:US
Awardee Cong. District:09

Primary Place of Performance

Organization Name:Indiana University
Street:901 E. 10th Street
City:Bloomington
State:IN
ZIP:47408-3912
County:Bloomington
Country:US
Cong. District:09

Abstract at Time of Award

The ongoing effort to move data intensive computation to low-cost public clouds has been impeded by privacy concerns, as today's cloud providers offer little assurance for the protection of sensitive user data. This problem cannot be addressed by existing cryptographic techniques alone, which are often too heavyweight to manage the computation involving a large amount of data. As a result, many computing tasks have to be run on individual organizations' internal systems whenever they touch even a very small amount of sensitive information. The research in this project seeks practical solutions to this critical security challenge. The PIs are working on an approach to split a computing job over a hybrid-cloud platform, delegating to a public cloud the computation over public data, while keeping the computation on sensitive data within a private cloud. Specifically, the PIs are developing a privacy-aware MapReduce system, which transparently partitions a computing job and schedules its components across the public/private clouds according to the security levels of the data involved. The system is designed to achieve high security assurance and outsource most of its workload when possible, at small computational and communication overheads. It includes support for analyzing and transforming the code for legacy jobs as well as developing new jobs. We are also working to extend these techniques to facilitate other secure work-flow processing over hybrid clouds. This research involves industry collaborators and contributes to secure processing of a wide range of computing jobs, from commercial data analysis, to DNA analysis, to intrusion detection.

Publications Produced as a Result of this Research

H. Tang, X. Jiang, X. Wang, S. Wang, H. Sofia, D. Fox, K. Lauter, B. A. Malin, A. Telenti, L. Xiong and L. Ohno-Machado "Protecting Genomic Data Analytics in the Cloud: State of the Art and Opportunities" BMC Medical Genomics, 2016.

Y. Chen, T. Li, X. Wang, K. Chen and X. Han "Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations" the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bindschaedler, H. Tang, C. Gunter "Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX" In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017.

X. Liao, S. Alrwais, K. Yuan, L. Xing, X. Wang, S. Hao and R. Beyah "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" the 23rd ACM Conference on Computer and Communications Security (CCS), 2016.

V. Bindschaedler, M. Naveed, X. Pan, X. Wang and Y. Huang "Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy and the New Way Forward" the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

X. Wang, Y. Huang, Y. Zhao, H. Tang, X. Wang and D. Bu "Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance" the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.


Project Outcomes Report

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The ever-growing demands for data-intensive computing have already overburdened individual organizations' internal computing systems. A trend widely believed to be inevitable is to move such computations to low-cost public commercial clouds.  This development, however, has been impeded by privacy concerns, as today's cloud providers offer little assurance for the protection of sensitive user data. This problem cannot be addressed by existing secure outsourcing techniques, which are too heavyweight to manage the computation involving a large amount of data. As a result, many computing tasks have to be run on internal systems whenever they touch even a very small amount of sensitive information.

Intellectual Merit. In this project, we studied the new technologies that address this challenge using privacy-preserving hybrid-cloud computing. By splitting computing over public and private part of a cloud system, including mobile cloud and trusted execution environment (TEE) used on the cloud such as Intel SGX, we can delegate non-sensitive part of the computing to the less protected but more efficient public side of the cloud while keeping security-critical computation within the private side of the cloud. Since many real-world jobs involve only a relatively small amount of sensitive data (e.g., human DNA analysis), a well-designed partition technique can help move major computing workload to the public cloud. In this project, we developed innovative partition techniques for large-scale genomic computing, which demonstrates that over a hybrid cloud, complicated real-world genome analysis tasks such as read-mapping can be done efficiently and securely. Further we developed a privacy-preserving technique for searching similar patient’s DNA over hybrid clouds in a large scale, taking a step closer to making such important techniques practical. We developed the techniques for automatic scheduling on hybrid-cloud to support such secure computing and investigated the limitations of existing privacy protection techniques such as ORAM on such cloud environments. Also studied are the privacy implications of hybrid cloud applications such as push-cloud messaging and use of our techniques for supporting scalable privacy preserving data analysis, including hybrid-cloud based malware analysis that also protects cloud user’s privacy (e.g., exposing their data to the cloud), and the potential of using SGX for such scalable secure data analysis and its privacy implications, particularly the risks of side channel leaks.

The impacts of our security analyses are significant and far-reaching. Our findings of information leaks on push clouds caused the change of the designs and implementation of Google Cloud Messaging, Amazon Device Messaging, etc. Our studies on the limitations of ORAM to provide privacy protection for hybrid clouds and SGX side channel leaks also influence the follow-up research on these directions. We patented our techniques to support hybrid-cloud genomic data analysis. The study on the techniques becomes a foundation for our high-impact iDASH Genome Privacy Competition. Also our cloud-based mobile scanner has been used by over 100 organizations around the world and is continuously used to compare with new techniques proposed. The project has resulted in 8 papers on leading security venues and other papers in different application domains of our techniques, such as intrusion detection (RAID) and biomedical research (BMC Medical Genomics).

Broader Impacts. The outcomes of this project have been extensively disseminated.  We continue to release the systems related to the project whenever the code becomes mature enough.  We are further communicating with different parties to explore the potential of technical transfers.  Also, the project involved HBCU students through summer internships, helping them understand privacy-preserving data analysis on hybrid clouds. We also gave talks and presented the outcomes of the research through numerous conferences and invited visits around the world.


Last Modified: 12/14/2017
Modified by: Xiaofeng Wang