SecUre iNFormation SHaring in federated heterogeneous private clouds

SUNFISH (SecUre iNFormatIon SHaring in federated heterogeneous private clouds) is a Research and Innovation project funded under the first Horizon 2020 call dedicated to Advanced Cloud Infrastructure and Services (Jan.’15 - Dec.’17).
SUNFISH has developed advanced Cloud Infrastructure and Services in order to overpass the lack of infrastructure and reliable technologies that can enable Public Sector bodies to federate their private cloud infrastructure. The software platform enables secure federation of Cloud infrastructure, with a focus on the public sector’s requirements.
In this context, SUNFISH had to deal with various key challenges:
1.eGovernment solutions are rapidly moving towards the adoption of private clouds. This process are facing the problem of integrating services provided by their own private cloud with data and services provided also by external private clouds (adoption of “hybrid” cloud models).
2.Storage of information in the cloud is considered an acceptable risk only if the long-term security and confidentiality of data can be guaranteed effectively.
3.Choosing to store data on external systems could potentially expose to the risk of data being stolen or used for fraudulent purposes.
The consortium consists of 11 heterogeneous organizations (Public Bodies, Universities, IT Developers, SMEs, R&D Institutes), coming from 6 different countries (Italy, UK, Israel, Estonia, Malta, and Austria), formally coordinated by the Italian Ministry of Finance (MEF).
Since SUNFISH is conceived following a user-centric approach, its practicability has been tested on the three public administrations partner of the Project and shaped around their real needs. These use cases are effective demonstrators of how the platform works and how the public sector can take advantage of the technology. The impact assessment carried out on the three demonstrators has shown the following:
•increased data sharing and service efficiency thanks to greater cloud security;
•greater savings for Public Entities achieved through optimized use of resources;
•development of new skills in the Public Sector.
Over 40 scientific publications linked to the project have been produced and publicly available Zenodo community. The project website (www.sunfishproject.eu) provides a wide range of material, including brief presentation videos, White Papers, technical demos as well as a direct link to an ad-hoc online “SUNFISH Platform Accessibility Interface”, where project key outcomes – including software components, APIs and related guidelines and documentation – have been collected and openly accessible and reusable.
SUNFISH offers a solution to federate private and public clouds, enabling them to exchange data and services in a secure and controlled manner, based on a “democratic” governance model. SUNFISH conceives, designs and implements the idea of Federation-as-a-Service (FaaS); a secure-by-design cloud interoperability solution based on blockchain technology (SUNFISH Platform). The SUNFISH architecture is developed to be scalable and easily adoptable in any cloud environment and cloud system an adequate layer of API abstractions.
Thanks to the solution that has been brought up by the combined effort of the consortium, three major objectives have been achieved:
1. The possibility to integrate different public sector “clouds”, ensuring information security;
2. A greater efficiency in the use of IT infrastructure;
3. A new impetus to the development of services for EU citizens who may benefit from sensitive data shared securely between different private clouds.
SUNFISH’s competitive advantage, based on two important features of the solution, which make it unique compared to any other available product:
-Openness, that allows the SUNFISH Platform to be interoperable with most-established cloud platform solutions (AWS, Azure, Openstack) according to the type of cloud members part of the federation.
-Adaptability, allowing users to change the range of security services according to the federation’s needs, ranging from secure data storage and anonymization, to computation and monitoring.
Furthermore, this solution is conceived to be used by a broader horizon of stakeholders with different demands.

The SUNFISH project achieved five major milestones, with the aim to define Public Sector organizations requirements and use cases initial definition, as well as the first version of SUNFISH’s framework. The consolidation of the use cases allowed to integrate the SUNFISH’s framework.
Three use cases have been completed and are available for demonstration. Preparatory to this, an extensive state-of-the-art analysis was carried out.
The main results accomplished were:
•The first public sector organization requirements and use cases definition has been completed;
•A threat model has been defined;
•An initial impact assessment has been carried out;
•SUNFISH’s framework has been designed;
•A data security policy language has been defined;
•A baseline for the SLA definition language has been defined as well;
•Ad-hoc policies concerning security and monitoring have been selected;
•Specific techniques for data masking and cryptography have been defined.
Cooperation and synergies with similar relevant initiatives were consolidated with the Horizon 2020 project SLALOM (http://slalom-project.eu(s’ouvre dans une nouvelle fenêtre)) to exploit the SLALOM model for describing SUNFISH’s SLAs.
Several disseminations and communication actions have been carried out to present the project and its outcomes, including production and distribution of news items and publications also through the project’s website (linked also to a dedicated Twitter account). More than 41 scientific publications connected to the project have been produced by the consortium’s research organizations and published, and over 10 external events were attended by members of the consortium, who had the chance to present the project. There were 4 public workshops as well as also seven general partner meetings and the Final Conference (Rome - Nov.’17). The public has been targeted through the project’s communication activities, via several press releases, articles published on newspapers and web portals.

The SUNFISH ensures a high level of security and a continuous monitoring of the inter-cloud communications, while implementing cheap services, quickly, flexibly and securely between different private clouds. The solution is being developed mainly for European public organisations, and potentially also private sector companies could benefit from it.
The implementation of the platform provides evidence of how cloud-based services in heterogeneous and multi-layered cloud environments can be federated. All this putting users and data owners in full control over how their data is shared, processed and stored in a federation of private and public clouds.
The federation could serve as the vehicle for the development of a cloud infrastructure for the entire Public Sector, overcoming the present fragmentation among heterogenous data centers. The main contributions are:
•Economic value, reducing the investment required for cloud adoption and reducing the risk of cyber-attacks that currently generate high economic losses.
•Social value, promoting public trust in cloud technologies while increasing their uptake, even with innovation impact on both public and private bodies.
•Environmental value, improving the use of resources while reducing energy consumption.