Skip to main content

Secure Big Data Processing in Untrusted Clouds

Objective

SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. Data at rest or in transit on the network is already nowadays protected by encryption. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs like Intel's Secure Guard Extensions (SGX). By the help of these hardware extensions, we reduce the trusted computing base dramatically by excluding from it the millions of lines of source code of the cloud stack, operating systems and hypervisor. This permits us to ensure the confidentiality of computations even if the computers are under a different administrative control (like a cloud provider) or there is no physical security of the computers. Moreover, we ensure the confidentiality even if attackers would take control of the cloud stack, the hypervisor or the operating systems. As long as the hardware extensions of the CPU can be trusted, we can ensure the confidentiality of the computations.
SecureCloud focuses on ensuring the confidential and dependable processing of Big Data. To keep the trusted computing base small, we use the concept of microservices: only the application logic that processes data (e.g. operators) is protected while all functionality that, e.g. shuffles and stores encrypted data is outside the trusted computing base. By monitoring the microservices, we can restart services that run on compromised hosts. We will evaluate and demonstrate our approach in the context of smart grids. In this use case context, we need to run across a physically distributed computing infrastructure with no or little physical security and partly untrusted administrators. We need to process large volumes of data and this big data processing would benefit by partial offloading into the cloud. In SecureCloud, we will show how to do this in a secure fashion even if clouds are untrusted.

Coordinator

TECHNISCHE UNIVERSITAET DRESDEN
Net EU contribution
€ 499 624,50
Address
Helmholtzstrasse 10
01069 Dresden
Germany

See on map

Region
Sachsen Dresden Dresden, Kreisfreie Stadt
Activity type
Higher or Secondary Education Establishments
Other funding
€ 0,00

Participants (6)

IMPERIAL COLLEGE OF SCIENCE TECHNOLOGY AND MEDICINE
United Kingdom
Net EU contribution
€ 499 252,50
Address
South Kensington Campus Exhibition Road
SW7 2AZ London

See on map

Region
London Inner London — West Westminster
Activity type
Higher or Secondary Education Establishments
Other funding
€ 0,00
UNIVERSITE DE NEUCHATEL
Switzerland
Net EU contribution
€ 0,00
Address
Faubourg De L'hopital 41
2000 Neuchatel

See on map

Region
Schweiz/Suisse/Svizzera Espace Mittelland Neuchâtel
Activity type
Higher or Secondary Education Establishments
Other funding
€ 537 000,00
CHOCOLATE CLOUD APS
Denmark
Net EU contribution
€ 199 500,00
Address
Niels Jernes Vej 10
9220 Aalborg Ost

See on map

SME

The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.

Yes
Region
Danmark Nordjylland Nordjylland
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Other funding
€ 0,00
SYNC LAB SRL
Italy
Net EU contribution
€ 201 250,00
Address
Via G Porzio Cdn Isola B 8
80143 Napoli

See on map

SME

The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.

Yes
Region
Sud Campania Napoli
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Other funding
€ 0,00
THE ISRAEL ELECTRIC CORPORATION LIMITED
Israel
Net EU contribution
€ 100 000,00
Address
Ntiv Haor 1
31000 Haifa

See on map

Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Other funding
€ 0,00
CLOUDSIGMA AG
Switzerland
Net EU contribution
€ 0,00
Address
Badenerstrasse 549
8048 Zurich

See on map

SME

The organization defined itself as SME (small and medium-sized enterprise) at the time the Grant Agreement was signed.

Yes
Region
Schweiz/Suisse/Svizzera Zürich Zürich
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Other funding
€ 248 750,00