Dr. Brendan Dolan-Gavitt, an assistant professor in the Computer Science and Engineering Department at NYU Tandon, will serve as principal investigator on a $1.2 million dollar grant recently awarded by the National Science Foundation. Under the four-year grant, Dolan-Gavitt will work with his CSE colleague, Dr. Justin Cappos, to develop a strategy to secure containers used to isolate and protect data in cloud computing environments. The grant will fund the TRACKS (TRimming Augments Container Kernel Security) project, which addresses a weakness in container environments by hardening the Linux kernel.
The TRACKS research initiative builds on the central premise that frequently accessed code is less likely to have security flaws than code which is only rarely accessed, a premise supported by a previous NSF-funded study. The current work will apply this idea to container security by placing security monitoring and additional checks into the portions of the Linux kernel that are most likely to be vulnerable, and then incorporating these kernels into real-world cloud environments.