Classified as a Service (Claas) to US government customers
The Intelligence Advanced Research Projects Activity (IARPA) wishes to determine if there is interest among large U.S. owned infrastructure as a service (IaaS) providers in new technologies and techniques to enable the most sensitive computing workloads to be executed on a public cloud. For the purposes of this RFI, large U.S. owned IaaS providers are defined as those U.S. owned entities that have multiple data centers located both in the U.S. and throughout the world that provide services similar to IaaS to the general public. Classified as a Service (ClaaS) is an IARPA concept that imagines a classified private enclave encompassing multiple public cloud nodes in multiple locations to accommodate general-purpose, classified workloads elastically based on demand. The objective is to accomplish this by replicating as closely as possible the properties of current air-gapped private enclaves within the public cloud for finite periods of time. This request for information (RFI) is issued for information gathering and resource planning purposes; Positive responses to this RFI may be used to determine which IaaS cloud providers are considered for potential partnerships with IARPA in future ClaaS research efforts. This RFI does not constitute a formal solicitation for proposals. The following sections of this announcement contain details of the scope of technical efforts of interest, along with instructions for the submission of responses.;
Background & Scope
The cost of maintaining and procuring private infrastructure for classified/sensitive workloads for the government continues to get increasingly more expensive compared to the cost of leveraging commercial cloud resources. This disparity may increase exponentially over the next decade. Existing IaaS offerings require customers to trust the software stack and employees of the cloud provider and are subject to numerous potential side-channel attacks due to shared resources. This is not acceptable to customers with the most sensitive data processing needs. A promising new cloud service that ClaaS could leverage is starting to appear within commercial clouds. This service referred to as bare metal as a service (MaaS) offers exclusive use of a cloud server machine for preset periods of time. Though this service eliminates the possibility of many side-channel attacks, MaaS as currently conceived still exposes customer data to the risk of exfiltration by sophisticated threats. Fully Homomorphic Encryption (FHE) methods are being developed to perform very specific computations on untrusted platforms but require very high processing overheads and are unlikely to accommodate the entirety of the government’s classified codebase. IARPA is interested in developing new technologies and techniques that will enable public cloud operators to provide secure, classified, general purpose processing to the government in an acceptable manner while providing costs and flexibilities comparable to other public cloud customers.
Responses to this RFI should answer any or all of the following questions:
- Would you be interested in participating with IARPA and its academic and commercial partners in developing technologies and techniques that might eventually lead to ClaaS offerings within your public infrastructure?
- How do you envision your level of participation in developing such technology?
- Would you be willing to evaluate or advise on technology developed under an IARPA program?
- Would you be willing, subject to NDAs/confidentiality agreements, to share potentially proprietary information with the IARPA program manager (PM) and/or performer teams? If not, please describe your preferred approach?
- How might you effectively manage a service like ClaaS where your servers are periodically owned by somebody else and isolated from the rest of your infrastructure only to be returned to your inventory for eventual use by other customers?
- Do you believe other customers besides the IC would be interested in this service? Which ones?
Preparation Instructions to Respondents
IARPA requests that respondents submit ideas related to this topic for use by the Government in formulating a potential program. IARPA requests that submittals briefly and clearly describe the potential approach or concept, outline critical technical issues/obstacles, describe how the approach may address those issues/obstacles and comment on the expected performance and robustness of the proposed approach. This announcement contains all of the information required to submit a response. No additional forms, kits, or other materials are needed.
IARPA appreciates responses from all capable and qualified U.S. owned sources from within and outside of the US.
Because IARPA is interested in an integrated approach, responses from teams with complementary areas of expertise are encouraged. Responses have the following formatting requirements:
- A one page cover sheet that identifies the title, organization(s), respondent's technical and administrative points of contact - including names, addresses, phone and fax numbers, and email addresses of all co-authors, and clearly indicating its association with RFI-17-05;
- A substantive, focused, one-half page executive summary;
- A description (limited to 5 pages in minimum 12 point Times New Roman font, appropriate for single sided, single-spaced 8.5 by 11 inch paper, with 1-inch margins) of the technical challenges and suggested approach(es);
- A list of citations (any significant claims or reports of success must be accompanied by citations);
- Optionally, a single overview briefing chart graphically depicting the key ideas.
Submission Instructions to Respondents
Responses to this RFI are due no later than 4:00 p.m., Eastern Time, on 28, July 2017. All submissions must be electronically submitted to firstname.lastname@example.org as a PDF document. Inquiries to this RFI must be submitted to email@example.com. Do not send questions with proprietary content. No telephone inquiries will be accepted.
Disclaimers and Important Notes
This is an RFI issued solely for information and planning purposes and does not constitute a solicitation. Respondents are advised that IARPA is under no obligation to acknowledge receipt of the information received, or provide feedback to respondents with respect to any information submitted under this RFI. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Respondents are solely responsible for all expenses associated with responding to this RFI. IARPA will not provide reimbursement for costs incurred in responding to this RFI. It is the respondent's responsibility to ensure that the submitted material has been approved for public release by the information owner.
The Government does not intend to award a contract on the basis of this RFI or to otherwise pay for the information solicited, nor is the Government obligated to issue a solicitation based on responses received. Neither proprietary nor classified concepts nor information should be included in the submittal. Input on technical aspects of the responses may be solicited by IARPA from non-Government consultants/experts who are bound by appropriate non-disclosure requirements.
Contracting Office Address:
Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity
Washington, District of Columbia 20511
Primary Point of Contact:
IARPA-RFI-17-05 CLOSEDPosted Date: July 7, 2017
Responses Due: July 28, 2017