My research is trying to solve a following question, “how can we make the distributed system secure keeping scalability and performance in mind?” Distributed system includes Cloud, Grid, Internet of Things (IoT), Mobile, etc. The Cloud computing system has been prevalent everywhere in our daily life. The Cloud computing system provides computing resources on demand. These computing resources are virtualized in terms of hardware or software. My current research concentrates on securing software based virtualization, which we call Container. The IoT comprises of Container based Cloud resources, heterogeneous IoT devices, and IoT platform. My research spans across every IoT components including devices, platform, and underlying Cloud infrastructure considering security. Utilizing Container resources for data science is an additional research effort that I can make.

Container and Security

Container is a piece of software wrapped in a file-system that contains everything that it needs to run such as binary, libraries, system tools. Compared to Virtual Machine (VM) that is a traditional Cloud server containing a guest Operating System (OS), container is lightweight, thus it is significantly fast to deploy and restart, less overhead, and easy to migrate. Container is a new and promising technology that helps Cloud resource providing vendors increase the return of investment. Many organizations started to migrate from VM to Container. However, Container is less secure than VM because the gap between the two containers, and container and underlying host is thinner than the gap between the two VMs, and VM and host since there are additional guest OS and hypervisor for VMs [Figure 1]. Even though the OS provides kernel-level functions to cover the thin gap by isolating the OS resources such as processes, file-system, devices, UID, network interfaces, etc. between the Containers, when a malware (rootkits) running in the kernel level compromises the host, such isolation can be invalidated. The objective in this research is to show possible threats in the container environment when the kernel level rootkits exploit it, and deliver a detection module to find out the presence of the rootkits. The rootkits have unique behavior patterns to exploit the Containers. Such behaviors are automatically retrieved from the sample rootkits with various methods such as semantic analysis and deep learning.

Figure 1. Virtual Machines vs. Containers

Internet of Things and Security

Things data collected from the end point devices are processed in an IoT platform to provide meaningful information and integrated services to smart or intelligent applications. Such a platform needs to be built on scale-out cloud infrastructure supporting flexible computing powers as well as storage resources. The big benefit of using this IoT platform is to interface heterogeneous devices and various smart/intelligent applications in standardized protocols. When different types of information is combined and analyzed, meaningful information is generated and thus precise decision can be made. The IoT platform can cover any type of things, for example, industrial sensors, medical embedded devices, connected vehicles, flying drones, etc.

In order to secure the IoT platform, various aspects of security for each component should be considered. In infrastructure level, Container security will cover the possible vulnerabilities described in Section A. Securing the end-point devices as well as embedded software are important and urgent research area to conduct. The embedded devices are open to public, and have no centralized management, thus can be stolen and are hard to be patched. In order to address these issues, IoT platform should be able to provide unified and standardized secure interface that manages and communicates to end point devices. From this interface, the forgery of software installed at the devices can be detected and prevented. From the big-data analytics, security services can be provided for predicting potential threats with the records of evidences. This prediction is based on the deep-learning and machine learning techniques.

Figure 2. IoT Platform

Cloud Computing for Data Science

Simulation in Data Science such as hydroclimatology and bioscience requires highly intensive resources in terms of computation and data to perform simulations. Setting up complex experiment environment and configurations to submit jobs in computational clusters as well as managing user’s limited storage spaces by transferring big size data into the secondary storage are complicated and time-consuming. As a possible answer to address such issues in data science research, new technologies, Container Cloud-based Software-Defined Storage have been introduced. Those two combined technology supports data science simulations strengthening Containers in terms of flexibility of data handling and storage scalability.

The simulation on hydroclimatology simulation programs, for example have many implicit dependencies on programs, libraries, and other components. As a consequence, a simulation created and built in one environment does not run correctly in another environment without significant efforts. In the past, hardware virtualization was used as an answer, but due to performance issue, as described in Section A, Containers technology has recently been proposed. In pre-built Container images, software dependency issues have already been resolved and adjusted. By using pre-built image that contains installation of various software required to run the models and complex dependencies, hydroclimatic researchers can run their same simulation cases on different platforms.

Research Thrusts

Container Rootkit Detection

Secure Virtualization

Accountable Cloud Computing

Secure Internet of Things (IoT)

Research Projects

“Behavior-based Kernel Level Rootkit Detection in Container Systems PI: W. Lee, N. Alexander, 05/01/16-12/30/16.