Security for System S - overview
System-S is an exploratory, grand-challenge prototype system being developed by IBM Research to support highly dynamic applications that extract information and knowledge by analyzing enormous volumes of data, most of it of little individual importance. System-S is being designed to react quickly to events and to changing requirements and priorities; to handle orders of magnitude more data than existing systems; to cope with rapidly changing data formats and types; and to constantly prioritize and adjust ongoing analysis, since the amount of data and work will always exceed the available computing resources.
Securing System-S is in itself a grand challenge. On one hand, the system has to be protected from attacks (such as data-driven attacks) while providing secrecy, integrity and privacy protection for data, intermediate results and final results. On the other hand, most of the analysis engines and platforms are expected to have low trustworthiness, and, given the highly dynamic nature of the environment, requirements and priorities, granting users exceptional access to results would be the norm rather than the exception. We are exploring how, with minimal use of trustworthy components (such as the sHype secure hypervisor) combined with risk-adaptive access control and integrity-protection policies whose risk tolerance can be adjusted dynamically, we can manage the risk of damage from application or platform compromise and of unauthorized disclosure of information, without substantially impacting system performance.
As part of this project we developed a risk-adaptive access control model called Fuzzy MLS. A paper on it ("Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control") was presented at the 2007 IEEE Symposium on Security and Privacy. More details on Fuzzy MLS and a brief overview of the System S security architecture can be found in IBM Research Report RC 24190. Other related papers can be found here.
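To make the idea of a risk-adaptive access decision with a dynamically adjustable risk tolerance concrete, the following small Python example was added to this page. It is illustrative code written here, not System S code and not the Fuzzy MLS model as published in the paper or the research report: the integer level scale, the logistic-times-exponential risk index, the soft and hard boundaries, the mitigation obligation and the per-subject risk budget are all assumptions chosen for the demonstration. What it does show is the shape of such a policy: every access gets a quantified risk, accesses below a tolerance are simply allowed, accesses above a fixed ceiling are always denied, and the band in between is opened only with mitigation and only while the subject still has risk budget to spend. The tolerance can be moved at runtime, but never past the ceiling.

```python
# Added example: toy risk-adaptive access control, NOT the Fuzzy MLS model or
# System S code.  Scale, risk formula, thresholds and budget are assumptions.
import math
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    ALLOW_WITH_MITIGATION = "allow-with-mitigation"  # e.g. audit + masking (assumed)
    DENY = "deny"


@dataclass
class RiskAdaptivePolicy:
    soft_boundary: float            # adjustable risk tolerance: at or below it, plain allow
    hard_boundary: float            # fixed ceiling: at or above it, always deny
    damage_base: float = 2.0        # assumed: damage doubles per sensitivity level
    budgets: dict = field(default_factory=dict)  # assumed: per-subject residual risk budget

    def risk_index(self, clearance: int, sensitivity: int) -> float:
        """Risk = P(misuse) * damage.
        Assumed shapes: P is logistic in the sensitivity-minus-clearance gap
        (0.5 when clearance matches sensitivity, approaching 1 as the gap grows),
        damage is exponential in sensitivity."""
        gap = sensitivity - clearance
        probability = 1.0 / (1.0 + math.exp(-gap))
        damage = self.damage_base ** sensitivity
        return probability * damage

    def set_tolerance(self, soft_boundary: float) -> None:
        """Dynamically adjust the risk tolerance; it can never reach the hard ceiling."""
        if not 0.0 <= soft_boundary < self.hard_boundary:
            raise ValueError("soft boundary must lie in [0, hard_boundary)")
        self.soft_boundary = soft_boundary

    def decide(self, subject: str, clearance: int, sensitivity: int) -> Decision:
        risk = self.risk_index(clearance, sensitivity)
        if risk >= self.hard_boundary:
            return Decision.DENY
        if risk <= self.soft_boundary:
            return Decision.ALLOW
        # Between the boundaries: allow with mitigation only while the subject's
        # budget covers the risk, and charge the budget so that repeated risky
        # accesses are eventually refused even though each one alone is tolerable.
        remaining = self.budgets.get(subject, 0.0)
        if risk > remaining:
            return Decision.DENY
        self.budgets[subject] = remaining - risk
        return Decision.ALLOW_WITH_MITIGATION


def demo() -> list:
    """Constructed scenario: one analyst cleared at level 5 reading objects of
    increasing sensitivity under soft=20, hard=200 and a budget of 150."""
    policy = RiskAdaptivePolicy(soft_boundary=20.0, hard_boundary=200.0,
                                budgets={"analyst": 150.0})
    return [policy.decide("analyst", 5, sens) for sens in (3, 5, 7, 9)]


if __name__ == "__main__":
    for sens, d in zip((3, 5, 7, 9), demo()):
        print(f"clearance 5, sensitivity {sens}: {d.value}")
```

In the constructed run, sensitivities 3 and 5 fall under the tolerance and are allowed, sensitivity 7 lands in the mitigation band and consumes most of the analyst's budget, and sensitivity 9 exceeds the ceiling and is denied regardless of budget. Raising the tolerance with `set_tolerance` turns the sensitivity-7 access into a plain allow, which is the "dynamically adjustable risk tolerance" of the text in its simplest form; the check that the tolerance stays below the hard boundary is what keeps that adjustability from degenerating into a way to switch the policy off.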