The following example is shared with permission from PI Luyi Xing from Indiana University:
NSF Award Number: 2145675
Cloud Resource Amount Request: $15,000
Public Cloud Provider(s) Requested: Amazon Web Services, Microsoft Azure
Cloud Calculator Estimate URL: https://calculator.aws/#/estimate?id=c600853efc4228cc422dd337c105ae6297feb3cb
Cloud Request Justification: This project is to investigate the security of Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) IoT cloud services (e.g., AWS IoT Core, Azure IoT Hub), one of the key pillars of the foundation upon which modern IoT systems rest (Smart Home, Industrial, Smart City, Retail, and Health applications, etc.). Modern IoT manufacturers increasingly take advantage of the much-less studied, managed PaaS and IaaS IoT cloud services, which offload much of the security responsibilities and deployment burden to the public cloud providers. IoT clouds must trust-manage hundreds of millions of IoT devices and users, and provide device manufacturers reliable and usable tools for secure IoT deployments. In the IoT cloud systems, compromised security or improper deployments can cause hazardous and deadly consequences. The objective of this project is to verify and protect modern IoT cloud systems from cyberattacks, achieving high security assurance. The outcomes of the proposed work will establish the foundational scientific theory, security principles, and practices that define the field of IoT cloud security.
In the coming year of the project, we need to access IoT cloud services (AWS IoT and Azure IoT) for one major milestone: experiment, deploy and verify IoT access control policies supported by the IoT clouds. Specifically, we will explore the attack space in the cloud-based IoT deployment, error space and vulnerability patterns in cloud-IoT security policies and corresponding domain-specific languages (DSL). This will be finished by developing novel formal methods to verify cloud-IoT access policies and we will host an IoT access-policy verification service on AWS EC2 that is accessible to IoT manufacturers, who can verify their policies to eliminate policy vulnerabilities before deployment to production.
We calculated the cloud usage as follows: (1) we budget two AWS EC2 instances to develop and host the IoT policy verification service; (2) we budget quota to use the AWS IoT core and Azure IoT Hub services to explore the attack space in the cloud-based IoT deployment, error space and vulnerability patterns in cloud-IoT security policies and corresponding domain-specific languages (DSL); (3) all intermediate/final results of policy verification and vulnerability findings are stored in a cloud-based database such as AWS DynamoDB that will be made accessible to the research community and industry without any restrictions.