IARPA posts ClaaS RFI
On July 7, the Intelligence Advanced Research Projects Activity (IARPA) posted a new request for information regarding U.S. cloud providers offering a new service, Classified as a Service (ClaaS), to U.S. government customers (Solicitation Number: IARPA-RFI-17-05). Responses are due no later than 4:00pm Eastern Time on July 28.
The Intelligence Advanced Research Projects Activity (IARPA) wishes to determine if there is interest among large U.S.-owned infrastructure as a service (IaaS) providers in new technologies and techniques to enable the most sensitive computing workloads to be executed on a public cloud. For the purposes of this RFI, large U.S.-owned IaaS providers are defined as those U.S.-owned entities that have multiple data centers located both in the U.S. and throughout the world that provide services similar to IaaS to the general public. Classified as a Service (ClaaS) is an IARPA concept that imagines a classified private enclave encompassing multiple public cloud nodes in multiple locations to accommodate general-purpose, classified workloads elastically based on demand. The objective is to accomplish this by replicating as closely as possible the properties of current air-gapped private enclaves within the public cloud for finite periods of time.
This request for information (RFI) is issued for information gathering and resource planning purposes; positive responses to this RFI may be used to determine which IaaS cloud providers are considered for potential partnerships with IARPA in future ClaaS research efforts. This RFI does not constitute a formal solicitation for proposals. The following sections of this announcement contain details of the scope of technical efforts of interest, along with instructions for the submission of responses.
Background & Scope
The cost of maintaining and procuring private infrastructure for classified/sensitive workloads for the government continues to get increasingly more expensive compared to the cost of leveraging commercial cloud resources. This disparity may increase exponentially over the next decade. Existing IaaS offerings require customers to trust the software stack and employees of the cloud provider and are subject to numerous potential side-channel attacks due to shared resources. This is not acceptable to customers with the most sensitive data processing needs. A promising new cloud service that ClaaS could leverage is starting to appear within commercial clouds. This service, referred to as bare metal as a service (MaaS), offers exclusive use of a cloud server machine for preset periods of time. Though this service eliminates the possibility of many side-channel attacks, MaaS as currently conceived still exposes customer data to the risk of exfiltration by sophisticated threats. Fully Homomorphic Encryption (FHE) methods are being developed to perform very specific computations on untrusted platforms but require very high processing overheads and are unlikely to accommodate the entirety of the government’s classified codebase. IARPA is interested in developing new technologies and techniques that will enable public cloud operators to provide secure, classified, general-purpose processing to the government in an acceptable manner while providing costs and flexibilities comparable to other public cloud customers.
Full information is available here.