About this CFP
Amazon Payments builds foundational systems that allow Amazon to accept payment for all goods, content, and services that people buy from Amazon around the world. In Amazon Payments, we invest in innovative and scalable security solutions that maintain customer trust in Amazon.
We welcome proposals related to securing payments infrastructure, especially in the following areas:
- Automatic data classification – Data sensitivity classification is an essential part of application security reviews. It guides where attention is focused and what controls are applied. We are interested in funding work that automatically infers data classification based on system design, system infrastructure, source code, and data classification policy.
- Automatic privacy – Ever growing privacy concerns, along with rules and regulations promulgated by multiple entities, require increased amounts of metadata to track which rules apply to what data. We are interested in funding research towards automating any stage of the process. For example, automating the ingestion of natural language rules and regulations, automating the augmentation of records with new metadata to comply with a machine-readable policy, or automating the generation of controls from machine-readable policies.
- Multi-tenancy code verification – Multi-tenant code achieves performance wins by using shared compute resources to operate on data belonging to different data owners. Security of multi-tenant systems requires strong data separation guarantees between tenants. This separation is ensured by the application code that acts on behalf of clients on a per-request basis. We are interested funding the development tools and techniques to enable lightweight verification of tenant separation (ex: non-interference) for multi-tenant code.
- Verifiable computation – In microservice-based architectures, a single customer transaction may be processed by several different services. The final result depends on correct computations by each of the intermediate services. We are interested in funding the development of techniques to independently verify computations.
- Correlated alarming – In microservice-based architectures, the actions of one service are often closely correlated with actions of another service. This allows us to detect anomalies by comparing metrics between these services. We are interested funding the development of techniques to identify correlated metrics, to propose correlation-based alarms, and to make correlated alarms robust to the noise associated with production systems.
Timeline
Submission period: August 16 - October 8, 2021
Decision letters will be sent out March 2022
Award details
Selected Principal Investigators (PIs) may receive the following:
- Unrestricted funds, no more than $80,000 USD on average
- AWS Promotional Credits, no more than $20,000 USD on average
- Training resources, including AWS tutorials and hands-on sessions with Amazon scientists and engineers
Awards are structured as one-year unrestricted gifts. The budget should include a list of expected costs specified in USD, and should not include administrative overhead costs. The final award amount will be determined by the awards panel.
Eligibility requirements
Please refer to the ARA Program rules on the FAQ page.
Proposal requirements
Proposals should be prepared according to the proposal template. In addition, to submit a proposal for this CFP, please also include the following information:
- Please list the open-source tools you plan to contribute to.
- Please list the AWS AR/ML tools you plan to use and data you plan to obtain.
Selection criteria
ARA will make the funding decisions based on the potential impact to the research community, quality of the scientific content, and relevance for Amazon Payments customers.
Expectations from recipients
To the extent deemed reasonable, Award recipients should acknowledge the support from ARA. Award recipients will inform ARA of publications, presentations, code and data releases, blogs/social media posts, and other speaking engagements referencing the results of the supported research or the Award. Award recipients are expected to provide updates and feedback to ARA via surveys or reports on the status of their research. Award recipients may have an opportunity to work with ARA on an informational statement about the awarded project that may be used to generate visibility for their institutions and ARA.