
USER-CENTRIC MANAGEMENT OF SECURITY AND DEPENDABILITY IN CLOUDS OF CLOUDS

Deliverables

Project quality plan

The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners. This deliverable is marked with nature "OTHER" (software, technical diagram, etc.) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Consolidated data management results and technology

This deliverable will summarize all results relating to data management in the SUPERCLOUD. It contains descriptions of mechanisms and documents the results obtained by integrating the data handling prototypes into the testbed.

Architecture for data management

This deliverable documents the aspects of the SUPERCLOUD architecture relevant for data management. It will focus on the static entities in the SUPERCLOUD infrastructure relevant for data processing with the security and resilience features introduced by the tasks of WP3. An important aspect, relevant for all tasks, is the architecture for cryptographic key management. This deliverable forms the basis for the later deliverables.

Implementation of Self-Management of Network Security and Resilience

This deliverable will present the overall architecture of the network virtualization platform, and it will include the final version of the description, implementation and evaluation of the services and protocols that were developed.

SUPERCLOUD Architecture Specification

This deliverable will describe an architecture that builds the basis for the SUPERCLOUD project. The architecture will serve as an initial point to develop solutions for the three objectives of SUPERCLOUD, i.e., self-service security, self-managed security and end-to-end security.

Preliminary Architecture of the Multi-Cloud Network Virtualization Infrastructure

This deliverable will describe an initial version of the network virtualization architecture, identifying the main components and their relations. The fundamental assumptions about the environment will also be presented as well as potential techniques that will be used to increase the resilience of the operations.

Specification of Self-Management of Network Security and Resilience

This deliverable defines the main services and protocols that will be provided by the network virtualization platform, namely to the users and other components of the SUPERCLOUD framework.

SUPERCLOUD Self-Management of Security Specification

This deliverable will describe the specifications of the Security Service Level Agreement (SSLA) that will form the foundations of security resource requests for customers, specifying their security policy requests and negotiation capabilities as well as the requested audit levels that provide information and feedback about actual enforcement across service providers.

Architecture for Secure Computation Infrastructure and Self-Management of VM Security

This deliverable provides the analysis and the specification both of the distributed cloud infrastructure for computation and of the SUPERCLOUD mechanisms for self-management of security of VMs running on this infrastructure. The deliverable contains the description of the virtualization layer federating compute cloud resources. It also includes the specification of the autonomic security monitoring infrastructure support enabling a 360° view of security management both across layers and domains for the SUPERCLOUD system.

Specification of security enablers for data management

This deliverable will introduce the processing functions for data management in the SUPERCLOUD. In particular, it contains component specifications, descriptions of distributed protocols, specifications of cryptographic mechanisms, and descriptions of the data-resilience tools.

Risk Assessment Plan

The Risk Assessment Plan will include a Critical Path Analysis (CPA) of the main project activities, identifying risk points, and procedures to deal with them.

Evaluation and validation results

Description of the validation and evaluation through the use cases.

Consolidated Security Management and Infrastructure for Computation Results and Technology

This deliverable is the final version of the distributed cloud infrastructure for computation and SUPERCLOUD security management services, integrated within the final project demonstrator, and evaluated. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

SUPERCLOUD Architecture Implementation

This deliverable will describe and demonstrate the implementation of the architecture that is developed and described in D1.1 (SUPERCLOUD Architecture Specification). The implementation will be based on an open source hypervisor and provides jacking points for the implementations of all other SUPERCLOUD objectives. Thus, it will be the basis for other implementations in the SUPERCLOUD project, for instance, the Security Management and Infrastructure for Computation from WP2, Data Management from WP3 or Resilient Network Virtualization and Provisioning from WP4. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Proof-of-concept prototype for data management

This deliverable contains the first release of the implementations of the SUPERCLOUD data handling functions. It will consist of prototypes for a selected number of the functions described in D3.2; they use the SUPERCLOUD architecture but are not necessarily integrated into the common testbed. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

SUPERCLOUD Self-Management of Security Implementation

This deliverable will describe and demonstrate the implementation of self-specified Security Service Level Agreements (SSLAs) for customers, leveraging and integrating development work from WP2-4 to provide a homogeneous, layer-transparent view of security. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Implementation of Secure Computation Infrastructure and Self-Management of VM Security

This deliverable is the prototypical implementation of the distributed cloud infrastructure for computation and of the SUPERCLOUD mechanisms for self-management of security of VMs running on this infrastructure. The APIs of the corresponding components are available, a first tested version being ready to integrate in the project testbed. The deliverable also contains all the components to manage trust in the SUPERCLOUD and underlying infrastructure, relying on hardware-enabled security mechanisms. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Proof-of-Concept Prototype of Secure Computation Infrastructure and SUPERCLOUD Security Services

This deliverable is the prototypical implementation of the distributed cloud infrastructure for computation and related SUPERCLOUD security management services, ready to integrate in the use case implementation on the project testbed. The deliverable also discusses how the security architecture for SUPERCLOUD systems may be extended to enable a continuum between user and provider control over security. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Proof-of-concept Prototype of the Multi-Cloud Network Virtualization Infrastructure

This deliverable will show the execution of specific parts of the multi-cloud network virtualization platform, demonstrating it with relevant applications. In the third year of the project, these results will be extended, when the network virtualization solutions are employed to support the use case scenarios. This deliverable is marked with nature "DEM" (demonstrator, pilot, prototype, plan designs) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Internal and external IT communication infrastructure and project website

The external IT communication infrastructure constitutes a guideline for communication of the SUPERCLOUD project to external target groups including conferences, marketing measures and communication channels. Furthermore, this deliverable constitutes the launch of the internal SUPERCLOUD communication infrastructure including the establishment of mailing lists or a subversion server, and the SUPERCLOUD website. This deliverable is marked with nature "DEC" (websites, patents filing, press & media actions, videos, etc.) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of the deliverable.

Data Management Plan

As SUPERCLOUD is taking part in the Pilot on Open Research Data, a first version of the DMP will be provided as an early deliverable within the first six months of the project. The purpose of the DMP is to provide an analysis of the main elements of the data management policy that will be used by the applications with regard to all the datasets that will be generated by the project. The DMP is not a fixed document, but evolves during the lifespan of the project. More developed versions of the plan can therefore be included as additional deliverables at later stages. According to the Guidelines on Data Management in Horizon 2020, the DMP should address data set reference and name, data set description, standards and metadata, data sharing, and archiving and preservation (including storage and backup) on a dataset-by-dataset basis, and should reflect the current status of reflection within the consortium about the data that will be produced.

Publications

On the consistency of heterogeneous composite objects

Author(s): Alysson Bessani, Ricardo Mendes, Tiago Oliveira
Published in: Proceedings of the First Workshop on Principles and Practice of Consistency for Distributed Data - PaPoC '15, 2015, Page(s) 1-2
DOI: 10.1145/2745947.2746687

Nested Virtualization meets Micro-Hypervisors: Towards a Virtualization Architecture for User-Centric Multi-Clouds

Author(s): Alex Palesandro, Marc Lacoste, Chirine Ghedira Guegan and Nadia Bennani
Published in: 2015
DOI: 10.5281/zenodo.56452

The role of cloud services in malicious software: trends and insights?

Author(s): Xiao Han, Nizar Kheir, Davide Balzarotti
Published in: DIMVA 2015, 2016, Page(s) 187-204
DOI: 10.1007/978-3-319-20550-2_10

Separating the WHEAT from the Chaff: An Empirical Design for Geo-Replicated State Machines

Author(s): Joao Sousa, Alysson Bessani
Published in: 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), 2015, Page(s) 146-155
DOI: 10.1109/SRDS.2015.40

Consensus in a Box: Inexpensive Coordination in Hardware

Author(s): Zsolt Istvan, David Sidler, Gustavo Alonso and Marko Vukolic
Published in: NSDI 2016 (13th USENIX Symposium on Networked Systems Design and Implementation), 2016

(Literally) above the clouds: virtualizing the network over multiple clouds

Author(s): Max Alaluna, Fernando M. V. Ramos, Nuno Neves
Published in: IEEE Conference on Network Softwarization (NetSoft), 2016
DOI: 10.5281/zenodo.55261

Towards Management of Chains of Trust for Multi-Clouds with Intel SGX

Author(s): Houssem Kanzari, Marc Lacoste
Published in: 2nd Workshop on Security in Clouds, 2016
DOI: 10.5281/zenodo.60903

Verifiable Message-Locked Encryption

Author(s): Sébastien Canard, Fabien Laguillaumie, Marie Paindavoine
Published in: Second Workshop on Security in Clouds (SEC2), 2016
DOI: 10.5281/zenodo.58898

A Novel Proof of Data Possession Scheme based on Set-Homomorphic Operations

Author(s): Nesrine Kaaniche, Maryline Laurent, Sébastien Canard
Published in: Second Workshop on Security in Clouds (SEC2), 2016
DOI: 10.5281/zenodo.58911

GINJA: One-dollar Cloud-based Disaster Recovery for Databases

Author(s): Alcântara, Joel; Oliveira, Tiago; Bessani, Alysson
Published in: Proceedings of the 2017 ACM/IFIP/USENIX Middleware Conference (Middleware'17), Issue 1, 2017
DOI: 10.5281/zenodo.1163572

A byzantine fault-tolerant ordering service for the hyperledger fabric blockchain platform

Author(s): Alysson Bessani, João Sousa, Marko Vukolić
Published in: Proceedings of the 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers - SERIAL '17, 2017, Page(s) 1-2
DOI: 10.1145/3152824.3152830

XFT: Practical Fault Tolerance Beyond Crashes

Author(s): Liu, Shengyun; Viotti, Paolo; Cachin, Christian; Quéma, Vivien; Vukolić, Marko
Published in: 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2016); Savannah, GA, USA, Issue 50, 2016
DOI: 10.5281/zenodo.168544

Mantus: Putting Aspects to Work for Flexible Multi-Cloud Deployment

Author(s): Palesandro, Alex; Lacoste, Marc; Bennani, Nadia; Guegan, Chirine Ghedira; Bourge, Denis
Published in: 10th IEEE International Conference on Cloud Computing (CLOUD), Issue 4, 2017
DOI: 10.5281/zenodo.846809

Secure Tera-scale Data Crunching with a Small TCB

Author(s): Vavala, Bruno; Neves, Nuno; Steenkiste, Peter
Published in: International Conference on Dependable Systems and Networks (DSN), Issue 4, 2017
DOI: 10.5281/zenodo.835720

Secure and Dependable Multi-Cloud Network Virtualization

Author(s): Max Alaluna, Eric Vial, Nuno Neves, Fernando M. V. Ramos
Published in: Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures - XDOMO'17, Issue EuroSys 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures (XDOM0), 2017, Page(s) 1-6
DOI: 10.1145/3071064.3071066

SDN-based Dynamic and Adaptive Policy Management System to Mitigate DDoS Attacks

Author(s): Sahay, Rishikesh; Blanc, Gregory; Zhang, Zonghua; Toumi, Khalifa; Debar, Hervé
Published in: EuroSys 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures (XDOM0), Issue 8, 2017
DOI: 10.5281/zenodo.580290

Chrysaor: Fine-Grained, Fault-Tolerant Cloud-of-Clouds MapReduce

Author(s): Costa, Pedro A. R. S.; Ramos, Fernando M. V.; Correia, Miguel
Published in: IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), Issue 6, 2017
DOI: 10.5281/zenodo.814856

Enabling Trust Assessment In Clouds-of-Clouds - A Similarity-Based Approach

Author(s): Reda Yaich, Nora Cuppens, Frédéric Cuppens
Published in: Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES '17, 2017, Page(s) 1-9
DOI: 10.1145/3098954.3098970

Somewhat/Fully Homomorphic Encryption: implementation progresses and challenges

Author(s): Bonnoron, Guillaume; Fontaine, Caroline; Gogniat, Guy; Herbert, Vincent; Lapotre, Vianney; Migliore, Vincent; Roux-Langlois, Adeline
Published in: Guillaume Bonnoron, Caroline Fontaine, Guy Gogniat, Vincent Herbert, Vianney, Lapotre, Vincent Migliore, Adeline Roux-Langlois, Issue 9, 2017
DOI: 10.5281/zenodo.580199

Firewall Policies Provisioning Through SDN in the Cloud

Author(s): Nora Cuppens, Salaheddine Zerkane, Yanhuang Li, David Espes, Philippe Le Parc, Frédéric Cuppens
Published in: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17), 2017, Page(s) 293-310
DOI: 10.1007/978-3-319-61176-1_16

Rethinking Permissioned Blockchains

Author(s): Marko Vukolić
Published in: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts - BCC '17, Issue BCC 2017 : The First ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC’17), Abu Dhabi, UAE, April 2017, 2017, Page(s) 3-7
DOI: 10.1145/3055518.3055526

Non-determinism in Byzantine Fault-Tolerant Replication

Author(s): Cachin, Christian; Vukolic, Marko; Schubert, Simon
Published in: 20th International Conference On Principles Of DIstributed Systems (OPODIS’16), Issue 9, 2016
DOI: 10.4230/LIPIcs.OPODIS.2016.24

PhishEye: Live Monitoring of Sandboxed Phishing Kits

Author(s): Han, Xiao; Kheir, Nizar; Balzarotti, Davide
Published in: 23rd ACM conference on Computer and Communications Security (CCS); Austria, October 2016, Issue 10, 2016
DOI: 10.5281/zenodo.166929

Constant-Size Ciphertext Attribute-based Encryption from Multi-Channel Broadcast Encryption

Author(s): Sébastien Canard, Viet Cuong Trinh
Published in: ICISS 2016, 2016, Page(s) 193-211
DOI: 10.1007/978-3-319-49806-5_10

Usage Control Policy Enforcement in SDN-Based Clouds: A Dynamic Availability Service Use Case

Author(s): Khalifa Toumi, Muhammad Sabir Idrees, Fabien Charmet, Reda Yaich, Gregory Blanc
Published in: 2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS), 2016, Page(s) 578-585
DOI: 10.1109/HPCC-SmartCity-DSS.2016.0087

Verifiable Message-Locked Encryption

Author(s): Canard, Sébastien; Laguillaumie, Fabien; Paindavoine, Marie
Published in: CANS 2016, Issue 9, 2016, Page(s) 299-315
DOI: 10.5281/zenodo.246798

How many planet-wide leaders should there be?

Author(s): Shengyun Liu, Marko Vukolić
Published in: ACM SIGMETRICS Performance Evaluation Review, Issue 43/3, 2015, Page(s) 3-6, ISSN 0163-5999
DOI: 10.1145/2847220.2847222

Towards User-Centric Management of Security and Dependability in Clouds of Clouds

Author(s): Marc Lacoste, Fabien Charmet
Published in: E-Democracy – Citizen Rights in the World of the New Computing Paradigms, 2015, Page(s) 198-201
DOI: 10.5281/zenodo.56455

Similarity Measure for Security Policies in Service Provider Selection

Author(s): Yanhuang Li, Nora Cuppens-Boulahia, Jean-Michel Crom, Frédéric Cuppens, Vincent Frey, and Xiaoshu Ji
Published in: Information Systems Security, 2015, Page(s) 227-242
DOI: 10.5281/zenodo.55782

Trinocchio: Privacy-Preserving Outsourcing by Distributed Verifiable Computation

Author(s): Berry Schoenmakers, Meilof Veeningen, Niels de Vreede
Published in: Applied Cryptography and Network Security, 2016, Page(s) 346-366
DOI: 10.5281/zenodo.60294

Certificate Validation in Secure Computation and Its Use in Verifiable Linear Programming

Author(s): Sebastiaan de Hoogh, Berry Schoenmakers, Meilof Veeningen
Published in: Progress in Cryptology – AFRICACRYPT 2016, 2016, Page(s) 265-284
DOI: 10.5281/zenodo.55062

Expression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud

Author(s): Yanhuang Li, Nora Cuppens-Boulahia, Jean-Michel Crom, Frédéric Cuppens, Vincent Frey
Published in: ICT Systems Security and Privacy Protection, 2016, Page(s) 105-118
DOI: 10.5281/zenodo.55781

Knowledge Connectivity Requirements for Solving Byzantine Consensus with Unknown Participants

Author(s): Eduardo Adilio Pelinson Alchieri, Alysson Bessani, Fabiola Greve, Joni da Silva Fraga
Published in: IEEE Transactions on Dependable and Secure Computing, 2017, Page(s) 1-1, ISSN 1545-5971
DOI: 10.1109/TDSC.2016.2548460

Software-Defined Networks: On the Road to the Softwarization of Networking

Author(s): Fernando M. V. Ramos, Diego Kreutz, Paulo Veríssimo
Published in: Cutter IT Journal, Issue Volume 28, 2015, Page(s) 6-13, ISSN 1522-7383
DOI: 10.5281/zenodo.55258

The KISS principle in Software-Defined Networking: a framework for secure communications

Author(s): Kreutz, Diego; Yu, Jiangshan; Esteves-Verissimo, Paulo; Magalhães, Cátia; Ramos, Fernando
Published in: IEEE Security and Privacy, Issue 1, 2017
DOI: 10.5281/zenodo.1053803

On the Design of Resilient Multicloud MapReduce

Author(s): Pedro A. R. S. Costa, Fernando M. V. Ramos, Miguel Correia
Published in: IEEE Cloud Computing, Issue 4/4, 2017, Page(s) 74-82, ISSN 2325-6095
DOI: 10.1109/MCC.2017.3791027

User-Centric Security and Dependability in the Clouds-of-Clouds

Author(s): Marc Lacoste, Markus Miettinen, Nuno Neves, Fernando M.V. Ramos, Marko Vukolic, Fabien Charmet, Reda Yaich, Krzysztof Oborzynski, Gitesh Vernekar, Paulo Sousa
Published in: IEEE Cloud Computing, Issue 3/5, 2016, Page(s) 64-75, ISSN 2325-6095
DOI: 10.1109/MCC.2016.110

Exploring Key-Value Stores in Multi-Writer Byzantine-Resilient Register Emulations

Author(s): Oliveira, Tiago; Mendes, Ricardo; Bessani, Alysson
Published in: 20th International Conference On Principles Of DIstributed Systems (OPODIS’16), Madrid, December 201, Issue 9, 2016, ISSN 1868-8969
DOI: 10.5281/zenodo.437208

Elastic State Machine Replication

Author(s): Andre Nogueira, Antonio Casimiro, Alysson Bessani
Published in: IEEE Transactions on Parallel and Distributed Systems, Issue 28/9, 2017, Page(s) 2486-2499, ISSN 1045-9219
DOI: 10.1109/TPDS.2017.2686383

Secure Virtual Network Embedding in a Multi-Cloud Environment

Author(s): Alaluna, Max; Ferrolho, Luís; Figueira, José Rui; Neves, Nuno; Ramos, Fernando M. V.
Published in: arXiv.org, 03 March 2017, Issue 9, 2017
DOI: 10.5281/zenodo.803033

Overcoming Barriers for Ubiquitous User-Centric Healthcare Services

Author(s): Palesandro, Alex; Ghedira Guegan, Chirine; Lacoste, Marc; Bennani, Nadia
Published in: IEEE Cloud Computing 3(6) 64 - 74, Issue 10, 2016, ISSN 2325-6095
DOI: 10.5281/zenodo.321437

Hardware/Software Co-Design of an Accelerator for FV Homomorphic Encryption Scheme Using Karatsuba Algorithm

Author(s): Vincent Migliore, Maria Mendez Real, Vianney Lapotre, Arnaud Tisserand, Caroline Fontaine, Guy Gogniat
Published in: IEEE Transactions on Computers, Issue 67/3, 2018, Page(s) 335-347, ISSN 0018-9340
DOI: 10.1109/TC.2016.2645204