
Trust-aware, REliable and Distributed Information SEcurity in the Cloud.

Periodic Reporting for period 2 - TREDISEC (Trust-aware, REliable and Distributed Information SEcurity in the Cloud.)

Reporting period: 2016-10-01 to 2018-03-31

Cloud computing services are widely adopted by individuals and companies thanks to their various advantages (e.g. reliability and low maintenance costs). Yet data security and user privacy remain the major concern, since adopting these services entails lending control over their data to cloud service providers. Existing end-to-end security solutions unfortunately cancel out the advantages of cloud technology, such as cost-effective storage.
In TREDISEC, we designed security primitives that not only ensure data protection and user privacy but also maintain the cost effectiveness of cloud systems. First, we identified the functional and non-functional requirements that are crucial to the cloud business. We further analysed the conflicts between these requirements and security needs and developed new solutions that address these shortcomings and enhance security. Moreover, we provided a framework that helps cloud providers integrate these solutions seamlessly into their existing infrastructure and services, facilitating adoption by existing EU businesses.
Definition and execution of the project management procedures (quality, reporting, risk management, document/output storage and management, deliverable quality review, etc.), implementation of the management structure, guidelines and supporting tools to enable a seamless and fruitful collaboration among the consortium partners.
Definition, consolidation and execution of the Innovation strategy, including continuous monitoring of 7 key project innovation points by the Innovation Director, supported by the Project Coordinator and Scientific Director (EURC), in collaboration with the WP leaders. Two innovation assessments were conducted, one towards the middle of the project and another at the end of the project; they concluded that there are no identified threats in the market to the TREDISEC innovations produced.
Research & Development Activities started in the first year with the description of the context scenarios of SAP, GRNET, ARSYS and MPH, which specified six use cases for TREDISEC. These served two purposes for the project: to elicit a series of end-user requirements that will influence the design of the TREDISEC framework architecture and the security primitives developed in the technical work packages (i.e. 3, 4 and 5); and to set up the context for the evaluation activities that will take place in the last year of the project in the context of WP6. The requirements permitted the definition of the architectural models and the design of a TREDISEC framework that supports the technical characteristics of the security primitives while also taking end-user needs into account. The framework prototype was implemented and subsequently deployed into a cloud-based environment, in the context of the WP6 activities.
The research activities in WP3, WP4 and WP5 ran in parallel for 30 months to design 27 end-to-end cloud security solutions, i.e. the TREDISEC security primitives, and provide 25 prototype primitive implementations with different degrees of maturity: TRL 7 (2), TRL 6 (5), TRL 4-5 (7) and TRL 3 or lower (11). These primitives have been evaluated, packaged and made available through the TREDISEC framework. This packaging enables the framework to offer the primitives to users in a standard format, in terms of documentation and use. It also permits the framework to automate some activities, such as the testing and deployment of these primitives in cloud-based environments. A specific artefact was envisioned by the TREDISEC architecture to bundle one or more primitives, pre-configured and customized for specific cloud settings: the TREDISEC Recipe. All in all, the project designed 9 recipes, available from the TREDISEC framework.
Project Validation: A plan for validation of the TREDISEC technologies was first conceived in M24, including a set of criteria to assess to what extent the requirements elicited in the first stage of the project were satisfied. This validation plan was refined in the following months, and four separate evaluation environments replicating the conditions of the real production environments of ARSYS, GRNET, SAP and MPH were set up. Different sets of primitives were integrated and validated in these environments. The framework was also validated, in a series of sessions organized by GRNET and ATOS.
A common strategy for dissemination and communication of project advances and results was defined at the beginning of the project, setting the objectives, audience, three-year timeline and baseline for individual partners' activities, as well as some common activities (e.g. workshops, joint papers), presence in social media (Twitter and LinkedIn), the project website, etc., to promote the project along its entire duration. A complete set of graphical material to support these activities was developed (poster, flyer and four infographics), and several press releases and campaigns were launched to promote the project at specific events. All in all, a total of 34 publications; 18 project presentations in conferences, workshops or summer schools; 3 whitepapers; 4 collaboration lines with H2020 project clusters, technology platforms or industrial fora; 5 demonstrations of innovations and 3 project workshops are the highlights of the project activities to create impact.
Exploitation and Sustainability: three business models were identified and preliminarily designed at M24, taking into account the most appropriate channels, end users, players and potential products. This proposal was validated with representatives of key focus groups: Security Technology Providers, System Integrators, and Cloud Providers and other Verticals (including SMEs and Large Industry). The analysis and results are reported in D7.8 (M36), which also includes a detailed report of individual and joint exploitation activities. Additionally, an Exploitation Board has been put in place, where relevant representatives of consortium partners are included, with a single point of contact. The TREDISEC framework, which is the main entry point for primitives and recipes, is released as Open Source under the Apache 2.0 license and promoted to the public through a dedicated space on the project website and on the Trust in Digital Life website, which guarantees long-term availability.
End-to-end security aims to endow users with full control over their outsourced data, but cloud service providers may not be able to efficiently process clients' data, nor may they be able to take full advantage of cost-effective storage solutions which rely on existing deduplication and compression mechanisms. TREDISEC's primitives provide a long-sought solution for security and privacy issues that no technology in the market is currently able to offer. Furthermore, a security primitive is typically devised for a single use case and/or a specific application, which reduces the complexity of the solution but may lead to incompatibilities when implemented using the same interface or the same framework. The TREDISEC primitives have been organized in self-sufficient modules providing a rich set of APIs together with their detailed documentation, allowing prospective users to select only those components that meet their needs, while at the same time enabling, in combination with the framework, their integration and connection in the form of recipes.