Skip to main content

Secure Big Data Processing in Untrusted Clouds

Objective

SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. Data at rest or in transit on the network is already nowadays protected by encryption. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs like Intel's Secure Guard Extensions (SGX). By the help of these hardware extensions, we reduce the trusted computing base dramatically by excluding from it the millions of lines of source code of the cloud stack, operating systems and hypervisor. This permits us to ensure the confidentiality of computations even if the computers are under a different administrative control (like a cloud provider) or there is no physical security of the computers. Moreover, we ensure the confidentiality even if attackers would take control of the cloud stack, the hypervisor or the operating systems. As long as the hardware extensions of the CPU can be trusted, we can ensure the confidentiality of the computations.
SecureCloud focuses on ensuring the confidential and dependable processing of Big Data. To keep the trusted computing base small, we use the concept of microservices: only the application logic that processes data (e.g., operators) is protected while all functionality that, e.g., shuffles and stores encrypted data is outside the trusted computing base. By monitoring the microservices, we can restart services that run on compromised hosts. We will evaluate and demonstrate our approach in the context of smart grids. In this use case context, we need to run across a physically distributed computing infrastructure with no or little physical security and partly untrusted administrators. We need to process large volumes of data and this big data processing would benefit by partial offloading into the cloud. In SecureCloud, we will show how to do this in a secure fashion even if clouds are untrusted.

Field of science

  • /natural sciences/computer and information sciences/software/system software/operating systems
  • /natural sciences/computer and information sciences/data science/big data
  • /natural sciences/computer and information sciences/data science/data processing
  • /engineering and technology/electrical engineering, electronic engineering, information engineering/electronic engineering/computer hardware/computer processor

Call for proposal

H2020-EUB-2015
See other projects for this call

Funding Scheme

RIA - Research and Innovation action

Coordinator

TECHNISCHE UNIVERSITAET DRESDEN
Address
Helmholtzstrasse 10
01069 Dresden
Germany
Activity type
Higher or Secondary Education Establishments
EU contribution
€ 499 624,50

Participants (6)

IMPERIAL COLLEGE OF SCIENCE TECHNOLOGY AND MEDICINE
United Kingdom
EU contribution
€ 499 252,50
Address
South Kensington Campus Exhibition Road
SW7 2AZ London
Activity type
Higher or Secondary Education Establishments
UNIVERSITE DE NEUCHATEL
Switzerland
EU contribution
€ 0
Address
Faubourg De L'hopital 41
2000 Neuchatel
Activity type
Higher or Secondary Education Establishments
CHOCOLATE CLOUD APS
Denmark
EU contribution
€ 199 500
Address
Niels Jernes Vej 10
9220 Aalborg Ost
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
SYNC LAB SRL
Italy
EU contribution
€ 201 250
Address
Via G Porzio Cdn Isola B 8
80143 Napoli
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
THE ISRAEL ELECTRIC CORPORATION LIMITED
Israel
EU contribution
€ 100 000
Address
Ntiv Haor 1
31000 Haifa
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
CLOUDSIGMA AG
Switzerland
EU contribution
€ 0
Address
Badenerstrasse 549
8048 Zurich
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)