Reporting period: 2015-01-01 to 2016-06-30

Although cloud computing offers many benefits to its users, security issues such as confidentiality and privacy are still major concerns for those intending to migrate to the cloud. Traditional cloud security has been based on assurance to customers that cloud providers follow sound security practices. As a result, current security mechanisms are commonly located within the cloud platform, hence compelling customers to trust cloud providers. However, customers might be reluctant to outsource sensitive data due to lack of control over data storage and management. To reach its full potential, cloud computing needs solid security mechanisms that enhance trust in cloud computing by allowing cloud customers greater control over the security and privacy of their data.

The main objective of the CLARUS project is to enhance trust in cloud computing services by developing a secure framework for the storage and processing of data outsourced to the cloud that allows end users to monitor, audit and control the stored data without impairing the functionality and cost-saving benefits of cloud services. The CLARUS solution will provide the end user with a dedicated proxy located in a trusted domain implementing security and privacy features towards the cloud provider. The proxy is intended for deployment within the client computer, in a server within the user’s domain, in an edge device (e.g. a router), or in any other location trusted by the user. CLARUS will also provide a set of security auditing services enabling the user to supervise the security operations performed by the CLARUS framework as well as other trust-enhancing features.

The beneficiaries of the CLARUS solution will be, on the one side, potential cloud customers like companies, public organisations and e-government administrations, which could thereby be motivated to embrace the benefits of trusted cloud services while retaining full control over any potentially sensitive data they outsource to the cloud. On the other side, the cloud providers themselves can also benefit because a trust-enabling solution like CLARUS will widen the spectrum of potential cloud users, which implies a market opportunity for cloud providers.

In the long term, initiatives like CLARUS can pave the way to developing more transparent, standardised, auditable and controllable cloud services, which will be beneficial for all stakeholders.

In order to meet the main objectives of CLARUS, the following sub-objectives have been established:
• Define a set of techniques to enhance security and privacy in clouds. The objective is to drive research on solutions that enable the user to enforce the protection of his or her data with respect to the CSP, while at the same time retaining the functionality and benefits offered by the CSPs. By exploiting or designing state-of-the-art methods and techniques, as well as pursuing new research in the areas of cryptography, document anonymisation, statistical disclosure control, and privacy-preserving data mining, CLARUS aims to provide a general toolkit of data securisation solutions supporting the use of a wide range of data types, cloud services, and user queries.
• Create an attack-tolerant integral framework for data storage in the cloud that includes especially designed intrusion and vulnerability detection mechanisms and mitigation procedures. In order to manage cloud security, CLARUS proposes to design attack-tolerant systems that integrate intrusion detection methods, different defence strategies, and countermeasure techniques.
• Design a service-oriented and interoperable-by-design architecture conforming to the proposed security and privacy framework and attack-tolerant cloud system. Based on the requirements for security, privacy and intrusion tolerance, an architecture will be designed in which end users are provided with user-friendly methods to run the security mechanisms and audit the corresponding securised cloud services. The interactio
We describe the work carried out during the reporting period towards the achievement of the aforementioned objectives:

• Define a set of techniques to enhance security and privacy of data outsourced to the cloud: This is the main goal of WP3-Security and privacy Framework. During the first 6 months of the project, we surveyed solutions suitable to tackle the security and privacy challenges identified within CLARUS (D3.1: Characterization of enabling technologies). This survey constituted the basis for the research carried out in T3.2 on the definition of new techniques and the adaptation of some of the existing ones to the cloud scenario. As a result of a close collaboration between the scientific partners of the consortium, the set of privacy-enabling techniques that are going to be deployed in the final CLARUS solution is already defined. Some of these solutions have already been presented at international conferences or published in international journals. Currently, we are still researching these topics to improve the efficiency and flexibility of the solutions, which will be reported in D3.2: New Security techniques (a deliverable that will collate all the results obtained until M24).

• Create an attack-tolerant integral framework for data storage in the cloud that includes especially designed intrusion and vulnerability detection mechanisms and mitigation procedures. This is the main goal of T3.3: Security metrics and monitoring. In M10, we submitted D3.3: An attack-tolerant framework for the cloud, in which we presented an overview of monitoring and attack-tolerant techniques that will be used as a basis for the attack-tolerant framework to be integrated in the CLARUS platform. Detailed descriptions of the attacks to be detected, the monitored metrics and the countermeasures were also included, along with mechanisms to detect and mitigate security and privacy issues. Later, in M18, we submitted D3.5: Adapted monitoring tool for the cloud. This deliverable describes the first version of the monitoring software package that enables the supervision of CLARUS client operations during runtime to detect errors, malicious behaviors and attacks. It presents an overview of the methodology (risk-based monitoring) used to adapt the Montimage Monitoring Tool (MMT) to the CLARUS platform, together with a detailed description of the security monitoring performed by the adapted MMT. At the moment, since no real trace has yet been captured from the CLARUS proxy (which is under implementation in WP5), the first version of the monitoring has been developed and tested with simulated data. The second version will include several attack examples that are presented in this document.

• Design a service-oriented and interoperable-by-design architecture conforming to the proposed security and privacy framework and attack-tolerant cloud system: The final version of the CLARUS architecture has been released in M18, as D4.2: Architecture v2. The partners involved in WP4-architecture have worked on the design of the CLARUS architecture from M7, in which the final requirements of the CLARUS platform were defined. Firstly, we submitted D4.1: Architecture v1, which specified the first version of the architecture of the CLARUS platform in M10. The resulting architecture addresses the requirements identified in WP2 and has been designed to achieve interoperability of the different components. The main component of this platform is a proxy in charge of protecting customers’ data in a transparent way, while these are stored and processed in the cloud. In this first version, we focused on an individual CLARUS proxy (even though this proxy may manage several users within the same organization). The final version of the architecture of the CLARUS platform considers a more general scenario involving multiple CLARUS proxies that will interact with each other and incorporates the advances achieved in WP3.

• Design and implementation of the CLARUS platfo
Enhancing privacy, security and trust of end users with respect to the cloud providers is the main goal of the CLARUS project. To achieve this, the CLARUS solution consists of a proxy located in a domain trusted by the end user (e.g. a server in her company’s intranet or a plug-in in the user’s device) that implements security and privacy-enabling features towards the cloud service provider.
To enhance privacy, CLARUS implements a set of privacy-enabling mechanisms to ensure that the user’s sensitive data are properly protected before they are outsourced to the cloud. Protection is provided in a way that cloud service functionalities are still preserved, even those that require performing operations (e.g. queries, transformations, calculations) on the protected data. To achieve that, CLARUS draws on and innovates over the current state of the art on the following areas:

• Data encryption is the least flexible and most computationally expensive solution, but also the most secure one. In former solutions, this has been done either by introducing on-premises proxies or gateways that encrypt data before passing them to the cloud provider, or by using third-party encryption appliances based on the use of keys totally controlled by the customer, thus limiting access to data by the cloud provider. However, these approaches imply either (i) an important loss of functionality, making it hard or impossible to perform certain operations on data; (ii) a lower degree of security, e.g. in the use of function-preserving encryption methods; or (iii) a loss of efficiency or data utility for both cloud customers and CSPs, such as when using homomorphic encryption. In CLARUS, only a limited number of operations, like searching, are supported with data encryption due to functional and efficiency requirements, which can be adequate for simple data storage services. A restricted set of arithmetical operations is also possible on encrypted data when homomorphic encryption is used. A certain degree of cooperation is required from the CSP to obtain consistent results. Access control for third-party users can be enabled by means of conditionally decryptable encryption methods. CLARUS carefully considers the management of encryption and decryption keys under direct control of the end users, especially in distributed scenarios and interproxy communications.

• Data anonymisation, which includes a variety of methods based on (i) searching for sensitive pieces of information in the input that may reveal identities or confidential information and (ii) removing or obfuscating them in a utility-preserving way. Our solutions rely on formal and robust privacy models (k-anonymity, t-closeness) in order to provide beforehand privacy guarantees on the kind and level of protection offered over the data (i.e. attribute/identity disclosure protection). Operations on these anonymized data (like searching, indexing, classification, limited aggregation, etc.) can be transparently performed by the CSP, thus making this solution ideal for non-collaborative CSPs. Moreover, a benefit of these methods is the fact that obfuscated documents may still be useful for CSPs, which might expect to derive a profit from data analysis, thus increasing the number of CSPs that might be willing to collaborate. In addition, once anonymized data is stored in the cloud, accesses by external entities without CLARUS are also supported.

• Data splitting/merging is an approach similar to the one above, but here the detected sensitive pieces are split and stored at different locations (in the same cloud or in different clouds) so that individual parts do not disclose identities or reveal confidential information. The advantage over data anonymization is that with data splitting, the outcomes are perfectly accurate, which may be crucial in many critical scenarios (e.g. healthcare diagnosis). Moreover, as with anonymization, data storage and management is transparent by the CSP (even though
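
The contrast drawn in the anonymisation and splitting items above, as an added example that is not CLARUS code: generalisation reaches k-anonymity but gives approximate results, while splitting keeps exact values in fragments that only the trusted side can rejoin. The records, attribute names, generalisation rule and per-fragment random tokens are all assumptions made for illustration.

```python
import secrets
from collections import Counter
from statistics import mean

# Constructed sample records; attribute names are assumptions.
RECORDS = [
    {"name": "Alice", "zip": "43001", "age": 34, "diagnosis": "asthma"},
    {"name": "Bob",   "zip": "43007", "age": 38, "diagnosis": "diabetes"},
    {"name": "Carol", "zip": "43110", "age": 52, "diagnosis": "asthma"},
    {"name": "Dave",  "zip": "43122", "age": 57, "diagnosis": "flu"},
]
QUASI_IDS = ("zip", "age")
# Identifying attributes and the confidential one go to different locations.
GROUPS = (("name", "zip", "age"), ("diagnosis",))

def generalise(rec):
    """Anonymisation: drop the direct identifier, coarsen quasi-identifiers."""
    low = rec["age"] // 10 * 10
    return {"zip": rec["zip"][:3] + "**", "age": (low, low + 9),
            "diagnosis": rec["diagnosis"]}

def is_k_anonymous(rows, k):
    """True if every quasi-identifier combination is shared by >= k rows."""
    classes = Counter(tuple(r[q] for q in QUASI_IDS) for r in rows)
    return min(classes.values()) >= k

def split(records, groups=GROUPS):
    """Data splitting: one fragment per attribute group. Each row gets an
    independent random token per fragment, so fragments cannot be joined
    without the token map, which stays in the trusted domain."""
    fragments = [{} for _ in groups]
    token_map = []
    for rec in records:
        tokens = tuple(secrets.token_hex(8) for _ in groups)
        for frag, tok, attrs in zip(fragments, tokens, groups):
            frag[tok] = {a: rec[a] for a in attrs}
        token_map.append(tokens)
    return fragments, token_map

def merge(fragments, token_map):
    """Trusted-side merge: rebuild the exact original rows."""
    rows = []
    for tokens in token_map:
        row = {}
        for frag, tok in zip(fragments, tokens):
            row.update(frag[tok])
        rows.append(row)
    return rows

def mean_age_generalised(rows):
    """Best estimate available from anonymised data: interval midpoints."""
    return mean((lo + hi) / 2 for lo, hi in (r["age"] for r in rows))
```

On this sample the mean age computed over the split fragment is the true 45.25, whereas the 2-anonymous generalised table yields 44.5.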