Periodic Reporting for period 2 - CLARUS (A FRAMEWORK FOR USER CENTRED PRIVACY AND SECURITY IN THE CLOUD)
Reporting period: 2016-07-01 to 2017-12-31
The main objective of the CLARUS project is to enhance trust in cloud computing services by developing a secure framework for the storage and processing of data outsourced to the cloud that allows end users to protect, monitor, audit and control the outsourced data without impairing the functionalities and cost-saving benefits of cloud services. The CLARUS solution provides the end user with a dedicated proxy located in a trusted domain implementing configurable security and privacy features towards the cloud provider while being transparent for the end user or end user applications.
To enforce security and privacy, CLARUS implements a variety of functionality-preserving data protection techniques, which include cryptographic methods (searchable encryption) and non-cryptographic ones (data anonymization and data splitting). Thanks to the variety and complementary features of these techniques, CLARUS supports a wide spectrum of heterogeneous cloud services, scenarios and privacy and functional requirements. CLARUS also implements an attack-tolerant framework that is able to detect intrusions and automatically enforce mitigation procedures. Finally, CLARUS offers an interoperable, extensible and modular architecture that supports standard services, protocols and data formats, and which can be extended with additional protocols and data protection mechanisms.
The CLARUS solution has been demonstrated in a variety of scenarios, which include outsourcing e-health and geo-referenced data to the cloud. The results show that CLARUS is able to secure and preserve most cloud functionalities (storage, data retrieval, updates, search queries and even outsourced computations) while being transparent for end users and with small or even null impact on response times.
These were the inputs to design an architecture for CLARUS and to adapt and enhance the techniques selected to guarantee the privacy of outsourced data while preserving cloud functionalities as much as possible.
The implementation itself started with the definition of the CLARUS proxy interfaces. Afterwards, we devoted great effort to the development of the protocol module. This module allows running one or several protocol gateways, which are in charge of intercepting and processing requests and responses between client applications and cloud services (using specific protocols and data formats, such as PostgreSQL), and of protecting data on the fly. Thanks to the plug-in mechanism, the CLARUS protocol module is an extensible application that can be enhanced with new plug-ins to support additional protocols or additional data protection techniques. In the context of the CLARUS project, the supported protocols are PostgreSQL and OGC WFS3, which are those used in our use cases.
Moreover, three data operation modules have been fully implemented that deal with the use cases defined previously:
• Data Anonymization
• Data Splitting
• Searchable Encryption
During the implementation we have carried out a continuous evaluation of the different modules, providing feedback to the CLARUS developers and a continuous assessment of the legal and standardization requirements. When a first version of the CLARUS platform was available, we carried out a full evaluation.
During the whole life of the project we have tried to ensure the visibility of CLARUS by carrying out several dissemination activities. We identified the target audience and made a comprehensive analysis of the CLARUS value proposition from both technical and business perspectives, leading to a market-facing overview of its target stakeholders, aligned with its current exploitation plans and business model.
Scientific results span all major CLARUS innovations, including innovative approaches to data anonymization, homomorphic and searchable encryption and intrusion detection. We have also highlighted the added value of CLARUS for the practical use cases, with sector-specific conference presentations and posters.
As the project has progressed, more focus has been given to market-facing communication and marketing activities working together with the CloudWATCH2 service. This collaboration and CLARUS research have shown the timeliness of CLARUS in relation to the incoming GDPR and its implications for many kinds of organizations.
Although the project is finished, CLARUS outputs are mature and ready for use. Thus, we have designed a marketing campaign that is taking place from February 2018.
Regarding data encryption, CLARUS has explored methods to execute SQL queries over encrypted databases, providing a framework that supports private search queries over encrypted SQL databases.
Besides that, the data anonymisation and data splitting methods also applied in CLARUS constitute a main innovation of CLARUS to enhance security in cloud services, and they significantly outperform standard cryptographic techniques in terms of e.g. efficiency, flexibility of operations and of data access, and utility for CSPs. To the best of our knowledge, no other projects or existing commercial solutions for securing cloud transactions have considered this kind of solution.
The impact of CLARUS will be significant with the definition of privacy-preserving mechanisms, which will provide security assurance and user control of outsourced data in order to build trust in the cloud, without impairing functionalities such as ubiquitous access with heterogeneous devices, including mobile ones. Control of the security mechanisms applied to outsourced data will be given to data owners themselves, together with the auditing mechanisms necessary to discover and manage incidents and build the required trust in the cloud. The beneficiaries of the CLARUS solution will be, on the one side, potential cloud end users like companies, public organisations and e-government administrations, which could thereby be motivated to embrace the benefits of trusted cloud services, and on the other side the CSPs themselves, because the CLARUS solution might motivate more users to move to the cloud, which implies a market opportunity for CSPs.