Community Research and Development Information Service - CORDIS

H2020

CLARUS Report Summary

Project ID: 644024
Funded under: H2020-EU.2.1.1.3.

Periodic Reporting for period 1 - CLARUS (A FRAMEWORK FOR USER CENTRED PRIVACY AND SECURITY IN THE CLOUD)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

Although cloud computing offers many benefits to its users, security issues such as confidentiality and privacy are still major concerns to those intending to migrate to the cloud. Traditional cloud security has been based on assurance to customers that cloud providers follow sound security practices. As a result, current security mechanisms are commonly located within the cloud platform, hence compelling customers to trust cloud providers. However, customers might be reluctant to outsource sensitive data due to lack of control over data storage and management. To reach its full potential, cloud computing needs solid security mechanisms that enhance trust in cloud computing by giving cloud customers greater control over the security and privacy of their data.

The main objective of the CLARUS project is to enhance trust in cloud computing services by developing a secure framework for the storage and processing of data outsourced to the cloud that allows end users to monitor, audit and control the stored data without impairing the functionality and cost-saving benefits of cloud services. The CLARUS solution will provide the end user with a dedicated proxy located in a trusted domain implementing security and privacy features towards the cloud provider. The proxy is intended for deployment within the client computer, in a server within the user’s domain, in an edge device (e.g. a router), or in any other location trusted by the user. CLARUS will also provide a set of security auditing services enabling the user to supervise the security operations performed by the CLARUS framework as well as other trust-enhancing features.

The beneficiaries of the CLARUS solution will be, on the one side, potential cloud customers like companies, public organisations and e-government administrations, which could thereby be motivated to embrace the benefits of trusted cloud services while retaining full control over any potentially sensitive data they outsource to the cloud. On the other side, the cloud providers themselves can also benefit because a trust-enabling solution like CLARUS will widen the spectrum of potential cloud users, which implies a market opportunity for cloud providers.

In the long term, initiatives like CLARUS can pave the way to developing more transparent, standardised, auditable and controllable cloud services, which will be beneficial for all stakeholders.

In order to meet the main objectives of CLARUS, the following sub-objectives have been established:
• Define a set of techniques to enhance security and privacy in clouds. The objective is to drive research on solutions that enable the user to enforce the protection of his or her data with respect to the CSP, while at the same time retaining the functionality and benefits offered by the CSPs. By exploiting or designing state-of-the-art methods and techniques, as well as pursuing new research in the areas of cryptography, document anonymisation, statistical disclosure control, and privacy-preserving data mining, CLARUS aims to provide a general toolkit of data securisation solutions supporting the use of a wide range of data types, cloud services, and user queries.
• Create an attack-tolerant integral framework for data storage in the cloud that includes especially designed intrusion and vulnerability detection mechanisms and mitigation procedures. In order to manage cloud security, CLARUS proposes to design attack tolerant systems that integrate intrusion detection methods, different defence strategies, and countermeasure techniques.
• Design a service-oriented and interoperable-by-design architecture conforming to the proposed security and privacy framework and attack-tolerant cloud system. Based on the requirements for security, privacy and intrusion tolerance, an architecture will be designed in which end users are provided with user-friendly methods to run the security mechanisms and audit the corresponding securised cloud services. The interaction with the CSP will be carefully considered, and security-enhanced data exchanging protocols will be defined in order to enable a coherent management of securised data within the cloud domain. The provided architecture and protocols are intended to establish a standard supported by a wide range of CSPs and end users, thereby ensuring interoperability in collaborative, standardised and transparent cloud environments.
• Design and implementation of the CLARUS platform. The CLARUS platform will be implemented according to the provided architecture. In the design of security mechanisms, countermeasures and mitigation strategies against attacks, issues such as encryption, key management, compliance, auditing, scalability, and efficiency will be considered, so that a practical and feasible solution can be obtained.
• Provide input to European standardisation bodies and existing open platforms concerning the results of the CLARUS approach. The standardisation effort will concern mainly the protocols enforced by both the CSPs and the CLARUS module. In particular, MTI and TR-I will contribute to the ETSI security group.
• Ensure that legal requirements are embedded in the CLARUS solution by conducting research into the underlying legal concerns, with specific attention to privacy and data protection as well as the legal particularities around cloud computing. KUL will provide guidance with regard to the legal compliance of CLARUS.
• Demonstrate, test and evaluate the usability of the designed framework, techniques and tools with the help of end-user applications. A wide range of generic cloud services will be considered, ranging from raw data storage to high-level business logic. Generic functionalities to be supported and securised (e.g. storage of raw and structured data, searching, collaborative document editing, data aggregation) will be identified, as well as the corresponding security issues (e.g. data leakage, identity disclosure, data integrity). Two specific application cases involving distinct final users will provide a test bed for evaluation. The first one is an e-Health application involving a public hospital, FCRB. The second one, provided by AKKA, concerns the evaluation of CLARUS by adapting an existing data management-oriented solution to cope with stronger security needs, e.g. for the management of private geo-localised data and for bringing access to and usage of specific added-value scientific datasets to the market; the test bed and evaluation will be articulated around the InGeoCloudS platform and its services in the environmental domain.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

We describe the work carried out during the reporting period towards the achievement of the aforementioned objectives:

• Define a set of techniques to enhance security and privacy of data outsourced to the cloud: This is the main goal of WP3: Security and Privacy Framework. During the first 6 months of the project, we surveyed solutions suitable to tackle the security and privacy challenges identified within CLARUS (D3.1: Characterization of enabling technologies). This survey constituted the basis for the research carried out in T3.2 on the definition of new techniques and the adaptation of some of the existing ones to the cloud scenario. As a result of a close collaboration between the scientific partners of the consortium, the set of privacy-enabling techniques that are going to be deployed in the final CLARUS solution has already been defined. Some of these solutions have already been presented at international conferences or published in international journals. Currently, we are still researching these topics to improve the efficiency and flexibility of the solutions, which will be reported in D3.2: New Security techniques (a deliverable that will collate all the results obtained until M24).

• Create an attack-tolerant integral framework for data storage in the cloud that includes especially designed intrusion and vulnerability detection mechanisms and mitigation procedures. This is the main goal of T3.3: Security metrics and monitoring. In M10, we submitted D3.3: An attack-tolerant framework for the cloud, in which we presented an overview of monitoring and attack-tolerant techniques that will be used as a basis for the attack-tolerant framework to be integrated in the CLARUS platform. Detailed descriptions of the attacks to be detected, monitored metrics and countermeasures were also included, along with mechanisms to detect and mitigate security and privacy issues. Later, in M18 we submitted D3.5: Adapted monitoring tool for the cloud. This deliverable describes the first version of the monitoring software package that enables the supervision of CLARUS client operations during runtime to detect errors, malicious behaviours and attacks. It presents an overview of the methodology (risk-based monitoring) used to adapt the Montimage Monitoring Tool (MMT) to the CLARUS platform, together with a detailed description of the security monitoring performed by the adapted MMT. At the moment, since no real trace has yet been captured from the CLARUS proxy (which is under implementation in WP5), the first version of the monitoring has been developed and tested with simulated data. The second version will include several attack examples that are presented in this document.

• Design a service-oriented and interoperable-by-design architecture conforming to the proposed security and privacy framework and attack-tolerant cloud system: The final version of the CLARUS architecture was released in M18, as D4.2: Architecture v2. The partners involved in WP4: Architecture have worked on the design of the CLARUS architecture since M7, in which the final requirements of the CLARUS platform were defined. Firstly, in M10 we submitted D4.1: Architecture v1, which specified the first version of the architecture of the CLARUS platform. The resulting architecture addresses the requirements identified in WP2 and has been designed to achieve interoperability of the different components. The main component of this platform is a proxy in charge of protecting customers’ data in a transparent way while the data are stored and processed in the cloud. In this first version, we focused on an individual CLARUS proxy (even though this proxy may manage several users within the same organization). The final version of the architecture of the CLARUS platform considers a more general scenario involving multiple CLARUS proxies that interact with each other, and incorporates the advances achieved in WP3.

• Design and implementation of the CLARUS platform: WP5: CLARUS Implementation started as soon as the first version of the architecture was released (M12). The first step was to specify the CLARUS platform interfaces (i.e. the CLARUS-CSP, CLARUS end-user and CLARUS-CLARUS interfaces) according to the requirements stated in D2.2: Requirements Specification V1, in coherence with the architecture designed in D4.1: Architecture V1 and working in parallel with the definition of the final version of the CLARUS architecture. We have also defined the development platform and we have begun to implement the data operation modules responsible for protecting the outsourced data.

• Provide input to European standardization bodies and existing open platforms concerning the results of the CLARUS approach. This goal has been widely considered during the first 18 months of the project. In this respect, we submitted D2.5: Standardization requirements within the first 7 months. This deliverable reports on the standardization requirements to be considered within CLARUS and the implementation roadmap, effort and analysis, considering both the EU and the global landscape. Specifically, it maps the technical requirements identified in D2.2: Requirements Specification V1 to the identified standards. We have also worked on the introduction of standardization and interoperability requirements into the CLARUS architecture and protocols in task T4.2: Standardization and interoperability, and investigated the opportunity to contribute to standards with CLARUS lessons learnt in task T6.3: Contribution to standards. Specifically, D4.3, which summarizes this work, has already been submitted after the end of the first reporting period, and a preliminary evaluation has been integrated in D4.2, submitted in M18. Finally, we have monitored the global standards scene and prepared an engagement plan with Standards Development Organizations. A first version of this plan was issued within D7.1: Dissemination and standards report V1 and it has been updated in the second version of this deliverable, D7.2, which was submitted in M18.

• Ensure that legal requirements are embedded in the CLARUS solution. In the context of T2.3, KUL analyzed the applicable European legal framework, mainly on privacy and data protection, and took into account the draft proposal for a new European Data Protection Regulation. This study resulted in the specification of legal requirements and recommendations for the CLARUS system that were included in D2.4: Legal and Ethical Requirements. Then, KUL has been monitoring the correct integration of these requirements into the CLARUS technological platform (e.g., checking whether the applied data protection is coherent with current regulations on data privacy) and has clarified some legal issues. Moreover, KUL also wrote an addendum to D2.4 after the European Council approved the regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR) on 14 April 2016.

• Demonstrate, test and evaluate the usability of the designed framework, technique and tools with the help of end-user applications. The CLARUS Platform will be evaluated and validated by a benchmark that is currently being defined. We plan to submit D6.1: CLARUS benchmarking test suite on time at the end of M24.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

Enhancing privacy, security and trust of end users with respect to the cloud providers is the main goal of the CLARUS project. To achieve this, the CLARUS solution consists of a proxy located in a domain trusted by the end user (e.g., a server in her company’s intranet or a plug-in in the user’s device) that implements security and privacy-enabling features towards the cloud service provider.
To enhance privacy, CLARUS implements a set of privacy-enabling mechanisms to ensure that the user’s sensitive data are properly protected before they are outsourced to the cloud. Protection is provided in a way that cloud service functionalities are still preserved, even those that require performing operations (e.g., queries, transformations, calculations) on the protected data. To achieve that, CLARUS draws on and innovates over the current state of the art on the following areas:

• Data encryption is the least flexible and most computationally expensive solution, but also the most secure one. In former solutions, this has been done either by introducing on-premises proxies or gateways that encrypt data before passing them to the cloud provider, or by using third-party encryption appliances based on keys totally controlled by the customer, thus limiting access to data by the cloud provider. However, these approaches imply either (i) an important loss of functionality, making it hard or impossible to perform certain operations on data; (ii) a lower degree of security, e.g. in the use of function-preserving encryption methods; or (iii) a loss of efficiency or data utility for both cloud customers and CSPs, such as when using homomorphic encryption. In CLARUS, only a limited number of operations are supported with data encryption due to functional and efficiency requirements, like searching, which can be adequate for simple data storage services. A restricted set of arithmetical operations is also possible on encrypted data when homomorphic encryption is used. A certain degree of cooperation is required from the CSP to obtain consistent results. Access control for third-party users can be enabled by means of conditionally decryptable encryption methods. CLARUS carefully considers the management of encryption and decryption keys under direct control of the end users, especially in distributed scenarios and inter-proxy communications.

• Data anonymisation, which includes a variety of methods based on i) searching for sensitive pieces of information in the input that may reveal identities or confidential information and ii) removing or obfuscating them in a utility-preserving way. Our solutions rely on formal and robust privacy models (k-anonymity, t-closeness) in order to provide a priori privacy guarantees on the kind and level of protection offered over the data (i.e., attribute/identity disclosure protection). Operations on these anonymized data (like searching, indexing, classification, limited aggregation, etc.) can be transparently performed by the CSP, thus making this solution ideal for non-collaborative CSPs. Moreover, a benefit of these methods is the fact that obfuscated documents may still be useful for CSPs, which might expect to derive a profit from data analysis, thus increasing the number of CSPs that might be willing to collaborate. Moreover, once anonymized data are stored in the cloud, accesses by external entities without CLARUS are also supported.

• Data splitting/merging is an approach similar to the one above, but here the detected sensitive pieces are split and stored at different locations (in the same cloud or in different clouds) so that individual parts do not disclose identities or reveal confidential information. The advantage over data anonymization is that with data splitting, the outcomes are perfectly accurate, which may be crucial in many critical scenarios (e.g., healthcare diagnosis). Moreover, as with anonymization, data storage and management are transparent to the CSP (even though not to external entities trying to access the whole data).
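The following Python illustration is added here and is not CLARUS project code; it shows the splitting/merging idea of the last bullet together with a k-anonymity check in the sense of the anonymisation bullet. The patient records, the generalisation rule and the per-fragment link-token scheme held by the proxy are constructed assumptions, not the CLARUS implementation.

```python
"""Vertical data splitting across two storage locations, exact merging at the
proxy, and a k-anonymity measure of what each location can see."""
from collections import Counter
import secrets

# Constructed sample records (fictitious); "diagnosis" is the sensitive attribute.
RECORDS = [
    {"name": "Ana Ruiz",    "zip": "08001", "age": 34, "diagnosis": "flu"},
    {"name": "Bo Liang",    "zip": "08002", "age": 37, "diagnosis": "asthma"},
    {"name": "Cara Dupont", "zip": "08005", "age": 31, "diagnosis": "flu"},
    {"name": "Dan Okafor",  "zip": "08130", "age": 52, "diagnosis": "diabetes"},
    {"name": "Eve Novak",   "zip": "08140", "age": 58, "diagnosis": "flu"},
    {"name": "Finn Berg",   "zip": "08150", "age": 55, "diagnosis": "asthma"},
]
IDENTITY_ATTRS = ("name", "zip", "age")
QUASI_IDS = ("zip_prefix", "age_band")


def generalise(rec):
    """Coarsen quasi-identifiers (assumed rule) so the sensitive fragment stays
    useful for aggregation but no longer pins down a single person."""
    return {"zip_prefix": rec["zip"][:3], "age_band": f"{rec['age'] // 10 * 10}s"}


def split_records(records):
    """Split each record vertically: identity attributes go to location A, the
    generalised quasi-identifiers plus the sensitive attribute go to location B.
    The two halves carry different random tokens; only the proxy's link table
    joins them, so neither location alone can link a name to a diagnosis."""
    loc_a, loc_b, link_table = [], [], {}
    for rec in records:
        tok_a, tok_b = secrets.token_hex(8), secrets.token_hex(8)
        loc_a.append({"tok": tok_a, **{k: rec[k] for k in IDENTITY_ATTRS}})
        loc_b.append({"tok": tok_b, **generalise(rec), "diagnosis": rec["diagnosis"]})
        link_table[tok_a] = tok_b
    return loc_a, loc_b, link_table


def merge_records(loc_a, loc_b, link_table):
    """Proxy-side merge: rebuild the exact original records (no accuracy loss)."""
    by_tok_b = {frag["tok"]: frag for frag in loc_b}
    merged = []
    for frag in loc_a:
        sens = by_tok_b[link_table[frag["tok"]]]
        merged.append({k: frag[k] for k in IDENTITY_ATTRS} | {"diagnosis": sens["diagnosis"]})
    return merged


def k_anonymity(fragments, quasi_ids):
    """k of a fragment set: the smallest number of records that share one
    quasi-identifier combination (higher means better identity protection)."""
    groups = Counter(tuple(f[q] for q in quasi_ids) for f in fragments)
    return min(groups.values())


def count_diagnoses(loc_b):
    """An aggregation the storage provider can run on location B alone,
    without CLARUS and without learning who the patients are."""
    return Counter(f["diagnosis"] for f in loc_b)


if __name__ == "__main__":
    a, b, links = split_records(RECORDS)
    print("k of identity fragment (zip, age):", k_anonymity(a, ("zip", "age")))
    print("k of sensitive fragment:", k_anonymity(b, QUASI_IDS))
    print("diagnosis counts at location B:", dict(count_diagnoses(b)))
    print("exact merge:", merge_records(a, b, links) == RECORDS)
```

With this sample the identity fragment has k = 1 (fully identifying, hence kept apart from the diagnoses) while the sensitive fragment reaches k = 3, and the merge reproduces every original record exactly.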

This wide spectrum of solutions provides CLARUS with the ability to cope with heterogeneous needs regarding security, efficiency, functionality, access, interoperability, etc., and with different scenarios (e.g., standalone users, collaboration between users located at different companies, data spread across different CSPs, etc.). Moreover, the last two methods, data anonymisation and data splitting, constitute a main innovation of CLARUS to enhance the security of cloud services, and they significantly outperform standard cryptographic techniques in terms of e.g. efficiency, flexibility of operations and of data access, and utility for CSPs. To the best of our knowledge, no other on-going projects or existing commercial solutions for securing cloud transactions have considered solutions of this kind.
To enhance trust, CLARUS also provides auditing services to end users in order to supervise the security operations performed by the CLARUS component (e.g. key management, obfuscation operations, access control policies for third-party users), and other trust-enhancing features (e.g. open source code, standardised protocols and interfaces, physically controlled access, etc.), as well as countermeasures and mitigation procedures.

To enhance security, CLARUS also provides an attack-tolerant framework, so that potential security breaches within the cloud can be dynamically detected and appropriate mitigation measures can be activated on-line. The system is also attack and intrusion resilient, i.e. able to continue delivering its services even after a successful attack, and to recover quickly. This contribution represents the innovation potential of CLARUS. Currently there are many solutions that target security in cloud environments, but very few of those are capable of managing intrusions and attacks and providing countermeasures to protect the system and guarantee its expected behaviour in a hostile environment.

The CLARUS solution is built on standards in order to provide a solution as general as possible. Moreover, its architecture is also built to be modular and easily extendable as new needs or cloud services are supported. To do so, a set of communication interfaces and protocols are designed: i) between the end user and the CLARUS proxy, ii) among different CLARUS instances running at different organisations, and iii) between the CLARUS proxy and the cloud service providers. The aim is that the interfaces and protocols should be generic and cover most of the spectrum of standard cloud services (e.g., plain storage via SQL databases, healthcare data storage standards, PostGIS location data storage and management, etc.). By means of standardisation, protocols and functions can be made homogeneous for cloud providers and CLARUS proxies, so that: i) interoperability can be achieved among otherwise heterogeneous cloud providers; ii) collaborative services (e.g., editing of documents outsourced to the cloud by several users) can be implemented through several CLARUS proxies (e.g., located in different trusted environments but communicating over an untrusted channel such as the Internet); and iii) APIs based on standards can be made available to programmers for seamless development of end-user cloud-based applications.

CLARUS has the potential to have a high socio-economic impact in safeguarding the privacy of citizens in cloud computing environments. The project invests significantly in the ethical, social and legal aspects of cloud computing, an approach that also fits clearly within the Digital Agenda for Europe and is a very timely research direction. The technical and legal research carried out in the project aims at providing a response to current regulatory issues, which in view of the technological challenges posed by cloud computing require an extension of the European legal framework on privacy and data protection. CLARUS has the opportunity to provide in-depth privacy and data protection enhancements in cloud computing and to contribute to the development of European expertise in the area.

Security concerns like data loss or leakage due to the lack of direct control by cloud clients over the storage and management of outsourced data have prevented customers from migrating to the cloud. Moreover, cloud users may also have concerns regarding what CSPs intend to do with their data, and legal obstacles may also prevent business and e-government applications from migrating to the cloud. Many companies and individuals are thus reluctant to embrace the benefits associated with cloud services due to a lack of trust in either the cloud concept itself or in the Cloud Service Provider (CSP).

In a nutshell, several barriers still remain before consumers really trust cloud services; this is particularly true for private and public organizations whose business value lies in the sensitive data they own. Trust and confidence are central to the Digital Single Market to boost the digital economy, and standardization has a key role to play in meeting security and privacy requirements. CLARUS will have significant socio-economic impact by contributing to the goals of the Digital Single Market in several key ways:

• Data protection. Reinforcing trust and security in digital services, especially the handling of personal data.

• Interoperability and Standardization. Defining priorities and interoperability in areas critical to the European market and creating a level playing field across all sectors.

The impact of CLARUS will be significant through the definition of privacy-preserving mechanisms, which will provide security assurance and user control of outsourced data in order to build trust in the cloud, without impairing functionalities such as ubiquitous access with heterogeneous devices, including mobile ones. Control of the security mechanisms applied to outsourced data will be given to the data owners themselves, together with the auditing mechanisms necessary to discover and manage incidents and build the required trust in the cloud. The beneficiaries of the CLARUS solution will be, on the one side, potential cloud end users like companies, public organisations and e-government administrations, which could thereby be motivated to embrace the benefits of trusted cloud services, and on the other side the CSPs themselves, because the CLARUS solution might motivate more users to move to the cloud, which implies a market opportunity for CSPs.

Record Number: 192776 / Last updated on: 2016-12-13