Partnership will redesign data centre computing to improve security of the cloud

A new partnership between Imperial and the Technology Innovation Institute (TII) in Abu Dhabi aims to boost the security of cloud computing services.

Cloud computing, in which data and software are accessed via the internet rather than stored locally on personal laptops and smartphones, was until quite recently a novel concept, but is now a pervasive feature of our digital lives. It powers widely used mobile messaging and email apps, and the productivity suites that office workers use to collaborate online. It will play an even greater role when the Internet of Things (IoT) takes off and devices such as kitchen appliances and industrial machinery become internet-connected as standard, reporting sensor data to cloud servers.

Many of the digital services we use every day are hosted on the cloud, but the hardware and software it uses was not designed with cyber security in mind. “Security has not changed much from traditional operating systems that pre-date the internet and the era of cloud services,” says Professor Pietzuch.

But Professor Peter Pietzuch in Imperial’s Department of Computing, the partnership’s academic lead, says that the devices and operating systems typically used to host cloud services in data centres were not designed with cyber security in mind. “Security has not changed much from traditional operating systems that pre-date the internet and the era of cloud services,” he says. 

Limitations with the security of these systems have contributed to the regular occurrence of data theft, ransomware attacks – in which cybercriminals hijack an organisation’s data and demand a ransom to restore it – and attacks from other kinds of malware. These threats could pose ever greater risks to society as vital infrastructure such as the NHS becomes increasingly reliant on digital services and IoT.

The research partnership between Imperial and TII will work toward mitigating these risks by redesigning the hardware and software that the cloud runs on, from the ground up. “The project aims to rethink what the hardware and software stack in cloud environments should look like when you design them with security in mind,” says Professor Pietzuch.

Compartmentalising data

The project will address the key challenge of ensuring data centre servers are isolated from one another so that a malicious cloud tenant cannot access data belonging to another, while also enabling servers to communicate efficiently for legitimate purposes, particularly for data-intensive computation tasks that are sometimes parallelised over thousands of machines.

This is a scientific problem. Companies have been plugging one hole after the other, but there is no end in sight. We're trying to step back and rethink software stacks so we don’t face the same repeated problems. We need a fundamental shift or things could get worse and worse. Professor Peter Pietzuch Department of Computing

The project will work toward developing software and hardware architectures, building on existing AArch64 and RISC-V processor architectures, to allow data to be well compartmentalised while enabling efficient sharing.

Dr Shreekant (Ticky) Thakkar, Chief Researcher at TII’s Secure Systems Research Centre (SSRC), said: “The research project with Imperial aims to find solutions based on AArch64 and fits nicely with other research and use cases as SSRC is doing a lot of work on ARM-based and RISC-V platforms and on OS [operating systems] in phones and drones. Easily applicable to today’s mobile devices, the project’s solutions will simplify the unification of cloud and edge security approaches.”

“We are talking about new low-level security mechanisms in modern computer architectures,” says Professor Pietzuch. “Malicious attackers can currently exploit unauthorised access to data in a lot of ways – for example, to leak data or install ransomware. Instead of thinking about very specific high level attacks and coming up with mitigations against them, our approach will deal with a number of security challenges by helping create a hardware and software stack that is secure at every layer.” 

Fundamental research meets applied thinking

Professor Pietzuch emphasises that this requires fundamental research. “This is a scientific problem. Companies have been plugging one hole after the other, but there is no end in sight. What we’re trying to do is step back and consider how to fundamentally rethink software stacks so we don’t face the same repeated problems. We need a fundamental shift so we can move to something less vulnerable, or in the future things could get worse and worse.”

Cyber security is an area in which we can only make real headway by bringing together basic research of the kind carried out at Imperial and an understanding from industry experts of the problems and challenges faced in the real world. Dr Rebeca Santamaria-Fernandez Director of Industry Partnerships and Commercialisation, Faculty of Engineering

“A lot of people at TII are applied industrial researchers. They bring in an industry view where they ask the right types of questions. They talk about usability aspects and when we devised the project they provided very useful input, steering things so we are aware of where the hard problems lie. It’s great to be partnering with them on this important project.”

Dr Rebeca Santamaria-Fernandez, Director of Industry Partnerships and Commercialisation for Imperial’s Faculty of Engineering, said: “Cyber security is an area in which we can only make real headway by bringing together basic research of the kind carried out at Imperial and an understanding from industry experts of the problems and challenges faced in the real world. I’m delighted about this partnership, which will combine the world-leading expertise of Professor Pietzuch and colleagues and the fantastic resources and expertise of the Technology Innovation Institute.” 

Industry research

Imperial facilitates industry partnerships, technology commercialisation, and other activities that help translate research into real-world benefits for industry and society through its Enterprise Division.