On May 31, the Intelligence Advanced Research Projects Activity (IARPA) released a request for information on Creating a Classified Processing Enclave in the Public Cloud (Solicitation Number: IARPA-RFI-17-04). Responses are due by 4:00pm Eastern on June 19.
The Intelligence Advanced Research Projects Activity (IARPA) is seeking information on potential technologies and techniques to securely provide a private enclave encompassing multiple public cloud nodes to accommodate general-purpose, classified workloads elastically based on demand. The objective is to accomplish this by replicating as closely as possible the properties of an air-gapped private enclave within the public cloud for finite periods of time.
This request for information (RFI) is issued solely for information gathering and planning purposes; this RFI does not constitute a formal solicitation for proposals. The following sections of this announcement contain details of the scope of technical efforts of interest, along with instructions for the submission of responses.
Background & Scope
The cost of maintaining and procuring private infrastructure for classified/sensitive workloads for the government continues to get increasingly more expensive compared to the cost of leveraging commercial cloud resources. This disparity may increase exponentially over the next decade. There has been some initial work in the public space attempting to provide more secure computing environments in a commercial cloud. Unfortunately none of these efforts by themselves are currently a viable solution.
AMD (SEV), Intel (SGX), Power and ARM processors are introducing some isolation and integrity protection solutions which can isolate certain regions of memory from being read by a general operating system but not from a complicit insider. Fully Homomorphic Encryption (FHE) methods are being developed to perform very specific computations on untrusted platforms but require very high processing overheads and are unlikely to accommodate the entirety of the government’s classified codebase.
IARPA is interested in developing new technologies and techniques that will enable public cloud owners to provide secure, classified, general purpose processing to the government in an acceptable manner while providing costs and flexibilities comparable to other public cloud customers.
Within this topic, areas of interest include:
– Novel techniques or technologies that can aid in the provisioning of elastic, isolated cloud resources
·- Establishing proof of execution of multipurpose scripts on untrusted remote computer systems
·- Isolating/disabling computer input/output capabilities temporarily
·- Verification techniques to independently ensure computer I/O
·- Trusted hardware encryptor technologies that can be employed in servers with customized functionalities
·- Performant methods of scrubbing/obfuscating DRAM to prevent cold boot attacks
·- Protecting, ensuring, and quickly replacing server and device firmware
·- Preventing covert channel communications between two adjacent network servers
·- Secure multiparty computational, secret sharing, verifiable computing methods, etc. suitable for protecting or verifying such an environment
·- Physically uncloneable functions
Full information is available here.