UB to make cloud computing containers more secure with new federal grant

Cyber security.

By Tom Dinki

Published November 23, 2022

In the world of cloud computing, containers provide an efficient way to run applications but leave something to be desired when it comes to security. The University at Buffalo, considered a leader in cyber research by the National Security Agency, will now try to create containers that are both efficient and secure.

Print
"One of our department's goals is to be recognized nationwide and internationally in the area of cybersecurity. The research supported by this grant will push CSE toward achieving this goal."
Jinhui Xu, professor and chair
Department of Computer Science and Engineering
Ziming Zhao, Principal Investigator.

Ziming Zhao, Principal Investigator

The School of Engineering and Applied Science’s Department of Computer Science and Engineering (CSE) has received a two-year, $490,879 grant (H98230-XX-1-0XXX) from the National Centers of Academic Excellence in Cybersecurity, which is housed at the NSA. The grant could be extended for a third year with an additional $250,000. 

“One of our department's goals is to be recognized nationwide and internationally in the area of cybersecurity,” says Jinhui Xu, professor and chair of CSE. “The research supported by this grant will push CSE toward achieving this goal.”

The research will focus on containers, software units that bundle together code and dependencies, allowing applications to run quickly and reliably from any computing environment. 

They’ve emerged as a popular, lightweight alternative to virtual machines over the last decade. Alphabet Inc. uses containers to run everything from Google Search to YouTube, and the application container market is expected to reach $12 billion by 2028.

“Container popularity has grown dramatically,” says Ziming Zhao, assistant professor in CSE and the grant’s principal investigator. “Containers not only reduce the required resources for deployment, but they can be brought online or quickly deleted in a matter of seconds.”

However, Zhao says containers achieve this superior performance at the cost of security. Whereas virtual machines are more isolated, containers share the same host operating system, making it possible that an exploit in one container could impact the shared hardware.  

Zhao, along with co-principal investigators from the Department of Computer Science and Engineering Hongxin Hu, associate professor, and Shambhu Upadhyaya, professor, will attempt to use a field-programmable gate array (FPGA) to build novel containers that are both efficient and secure. 

“We are proposing an FPGA hardware and software co-design framework to build high-assurance containers,” Zhao says. 

UB was eligible for the grant because of its status as a Center of Academic Excellence in Cyber Defense and a Center of Academic Excellence in Cyber Research. Such institutions must meet rigorous requirements set by the NSA and are committed to producing cybersecurity professionals that will reduce vulnerabilities in the United States’ infrastructure.

But with over 300 centers across the country and limited funding, these grants are rather competitive, says Upadhyaya, who is also SEAS strategic lead of cybersecurity research and director of the Center of Excellence in Information Systems Assurance Research and Education. Upadhyaya credits Zhao and Hu’s prior research of hardware security and trustworthy computing for making UB stand out. 

“We are quite excited about being selected for this award, which will enable us to support several students as research assistants and make contributions to the security field,” Upadhyaya says.