Periodic Reporting for period 2 - SafeCloud (Secure and Resilient Cloud Architecture)
Reporting period: 2016-09-01 to 2018-08-31
Typical cloud end-users, either individuals or small companies, use cloud-based services for email, storage, accounting and social interactions. These users essentially take what is offered by their cloud providers with respect to privacy and security, and will clearly benefit from the improved security and privacy offered by SafeCloud. We also believe that SafeCloud will contribute to European society as a whole by keeping the EU at the forefront of privacy protection rights. The technology developed as part of the project will thus be of interest to international private and commercial entities that might consider the privacy and security offered by European cloud providers for long-term preservation and processing of their data. One of the ambitious long-term goals of this project is thus to exploit and integrate privacy-enhancing technologies into mass market products. Although part of this objective comes from novel scientific contributions, it is also important to bring existing knowledge from distributed systems and information security into practice. We would like this project to be a catalyst for cloud service providers to start offering privacy-enhanced services on a large scale, by showing them that this can be achieved at reasonable cost and without noticeable performance degradation.
SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be (1) partitioned across multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design; and (2) entangled with inter-dependencies that make it impossible for any of the domains to tamper with the data's integrity. These two principles (partitioning and entanglement) are thus applied holistically across the entire data management stack, from communication to storage and processing. Users will control the choice of non-colluding domains for partitioning and the tradeoffs between entanglement and performance, and thus will have full control over what happens to their data. This will make users less reluctant to manage their personal data online due to privacy concerns and will generate positive business cases for privacy-sensitive online applications such as the distributed cloud infrastructure and medical record storage platform that we address.
The architecture of each specific layer, as well as the integration of the layers, has been defined and detailed in the project deliverables. We designed and integrated the three layers in order to present a global solution that addresses all the SafeCloud objectives.
We detailed the SafeCloud use cases, thus ensuring that the devised architecture components and chosen techniques comply with the requirements of the industrial partners. We also addressed the legal aspects related to the project, again based on the challenges encountered by our industrial partners.
Finally, the SafeCloud objectives and the work developed this year were disseminated through several media channels.
For social awareness, we presented the objectives and insights of the project through several open events and press releases. One particular highlight is the mobile application SafeCloud Photos, freely released for both the iOS and Android platforms, to securely and privately store photographs in the cloud. Although not part of the project DoA, the application is based on the project's core ideas and is the first initiative towards the exploitation of the SafeCloud results through the creation of a start-up company.