
Secure and Resilient Cloud Architecture

Periodic Reporting for period 2 - SafeCloud (Secure and Resilient Cloud Architecture)

Reporting period: 2016-09-01 to 2018-08-31

Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. These questions are currently not answered satisfactorily by existing technologies. Furthermore, recent developments in the wake of the expansive and sometimes unauthorized government access to private and sensitive data raise major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. This is exacerbated by providers of cloud services that frequently move and process data without notice in ways that are detrimental to the users and their privacy.

Typical cloud end-users, either individuals or small companies, use cloud-based services for email, storage, accounting and social interactions. These users essentially take what their cloud providers offer with respect to privacy and security, and will clearly benefit from the improved security and privacy offered by SafeCloud. We also believe that SafeCloud will contribute to European society as a whole by keeping the EU at the forefront of privacy protection rights. The technology developed in the project will thus be of interest to international private and commercial entities that might consider the privacy and security offered by European cloud providers for long-term preservation and processing of their data. One of the key long-term goals of this project is thus to exploit and integrate privacy-enhancing technologies into mass-market products. Although part of this objective comes from novel scientific contributions, it is equally important to bring existing knowledge from distributed systems and information security into practice. We would like this project to be a catalyst for cloud service providers to start offering privacy-enhanced services at large scale, by showing them that this can be achieved at reasonable cost and without noticeable performance degradation.

SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be (1) partitioned across multiple administrative domains that are unlikely to collude, so that sensitive data is protected by design, and (2) entangled with inter-dependencies that make it impossible for any single domain to tamper with its integrity. These two principles (partitioning and entanglement) are applied holistically across the entire data management stack, from communication to storage and processing. Users will control the choice of non-colluding domains for partitioning and the trade-offs between entanglement and performance, and will thus have full control over what happens to their data. This will reduce the reluctance, driven by privacy concerns, that users feel about managing their personal data online, and will generate positive business cases for privacy-sensitive online applications such as the distributed cloud infrastructure and the medical record storage platform that we address.

During the first twelve months of the project the main objectives of the SafeCloud consortium were (1) to define the architecture of the three main layers of the project, (2) to design the integrated architecture with all the layers, (3) to describe the challenges and requirements of the project use cases, and (4) to disseminate these early results and design choices.

The architecture of each layer, as well as their integration, has been defined and detailed in the project deliverables. We designed and integrated the three layers in order to present a global solution that addresses all the SafeCloud objectives.

We detailed the SafeCloud use cases, thus ensuring that the devised architecture components and chosen techniques comply with the requirements of the industrial partners. We also addressed the legal aspects related to the project, again based on the challenges encountered by our industrial partners.

Finally, the SafeCloud objectives and the work carried out this year were disseminated through several media channels.

The baseline progress for the first year, aligned with the deliverables of the project's core work packages (WP1, WP2 and WP3), is the overall architecture combining the solutions for all three layers. Published results, showing progress beyond the state of the art, cover private communication middleware, trustworthy storage and private data processing. For middleware, we proposed a scalable, general-purpose port-knocking tool. For storage, we carried out and presented a set of experiments addressing the cost of safe storage on public clouds. We also studied reliability-bandwidth trade-offs and existing erasure coding libraries, and proposed a platform for experimenting with coding techniques for cloud storage. For private data processing, we published a performance evaluation of multi-party protocols on HBase. We also progressed beyond the state of the art on the long-term secure block device and on privacy-preserving storage and computation techniques; these results are discussed in the project deliverables but have not yet been published in the scientific literature.

For social awareness, we presented the objectives and insights of the project through several open events and press releases. One particular highlight is the mobile application SafeCloud Photos, released free of charge for both the iOS and Android platforms, which stores photographs securely and privately in the cloud. Although not part of the project DoA, the application is based on the project's core ideas and is the first initiative towards exploiting the SafeCloud results through the creation of a start-up company.