The problem being solved: Cloud computing services allow organizations to rent computing resources from a cloud provider, who manages the security of those rented machines. But cloud tenants (the systems administrators for the renter organizations) have no way to verify the cloud’s security for themselves. As a result, many organizations with sensitive data, such as financial institutions and the federal government, are reluctant to consider cloud services despite the benefits of flexibility and low costs. The security chips typically used to protect data outside the cloud, called Trusted Platform Modules (TPM), have long been incompatible with cloud technology.
The technology solution: Free, open-source Keylime software, developed at MIT Lincoln Laboratory, is an intermediary that gives users the security benefits of a TPM without having to make all of their software compatible with it. Keylime continuously verifies the integrity of the tenant’s cloud machine and allows users to upload sensitive data without divulging their secrets to the cloud provider. If Keylime’s cloud verifier detects anything unexpected, it notifies the tenant and can automatically respond to the threat and limit the damage in just a few seconds.
The tech transfer mechanisms: In 2015, collaborative agreements with Boston University and Northeastern University allowed MIT-LL to test and further develop the Keylime technology for the Massachusetts Open Cloud (MOC) project. This opportunity facilitated peer-reviewed research and real-world experience validating Keylime’s protocols, and it gave the software valuable exposure to MOC stakeholders like Red Hat and Intel. The Department of Homeland Security’s Transition to Practice program (now the Commercialization Accelerator Program) helped fund a 2018 pilot program with Red Hat, building on discussions that started with the MOC project.
The tech transfer excellence: This transition effort went beyond the release of an open-source software product: It cultivated a community to help achieve the goals of many organizations. Collaborations with the MOC and Red Hat generated opportunities that might not have been possible had the product’s distribution been limited to a commercial partner or government sponsor. Building up a large community of developers around the world, a difficult feat in itself, means that Keylime no longer relies on any single entity to continue feature additions, maintenance and improvements.
The outcomes: The Red Hat partnership facilitated Keylime’s acceptance in 2019 as a sandbox technology for the Linux Foundation’s Cloud Native Computing Foundation; with 43% of the global share of computer operating systems worldwide, Linux is a major player in the cloud open-source community. Keylime has now been integrated into Fedora Linux, IBM’s cloud fleet, and Red Hat’s Enterprise Linux operating system—a rare achievement for an open-source software product. More than 50 open-source developers are contributing to Keylime from around the world.
Click on any images below to view larger versions and photo captions.