
Secure Big Data Processing in Untrusted Clouds

Deliverables

Requirements & architecture specification – initial version

This report will contain an initial description of the use cases and scenarios. It will list end-user requirements as well as technical, functional and non-functional ones. A coarse description of the architecture and the components of the SecureCloud platform will be included.

Analysis of existing technologies

Analysis of existing hardware technologies for supporting secure processing and a project of services APIs that define how these technologies can be exploited in the context of secure cloud computing.

Description of dependability mechanism used by the micro-service framework

This deliverable will describe the dependability approach used to make micro-services robust to failures.

Data management plan

This report includes the procedures to manage the data gathered in the demonstrators. This deliverable will evolve during the lifetime of the project in order to present the status of the project's reflections on data management.

Requirements & architecture specification – final version

This report contains the final use cases, requirements and fine-grained architecture of the SecureCloud platform incorporating the lessons learned from the execution of WP5 demonstrators.

Periodic dissemination and clustering activities report (3 versions)

Annual Reports (due months 12, 24, 36) on the dissemination actions taken to promote the main project achievements, as well as interactions/synergies with related research initiatives. Small publication, containing highlights on major project achievements in the reporting period. Language style will be oriented to the public audience at large. (Contributing task: T6.1)

Integrated implementation of the micro-services for distributed big data applications

In this deliverable, the final implementations of the secure communication, distributed storage, map/reduce, and scheduling components of WP4 will be provided. These final versions will have been validated using continuous integration and validation mechanisms of WP1 and using use cases of WP5.

Standardization activities

Report on the activities undertaken for maximizing SecureCloud impact in terms of: i) industrial take-up, by ensuring that the proposed technology be compliant to the emerging standards in the field, and ii) contribution to standards, by approaching standardization bodies and possibly contributing to their work. Contributing task: T6.4

Specification and design of the micro-services for distributed big data applications

This deliverable will conclude the design phase in WP4. It will specify the interfaces and semantics of the main components of the work package, namely the secure communication, distributed storage, and map/reduce libraries.

Demonstrator for the end-to-end secure and privacy-friendly application for smart meter data

A demonstrator illustrating a data-processing application that considers data that should be known by neither the application nor the cloud providers.

Periodic project exploitation and use plan (2 versions)

Report (two releases, the first in M24 and the second in M36) on the market analysis and business plans by the involved partners associated with the specific market segments of the SecureCloud pilot domain as well as the SecureCloud potential market in general. Contributing task: T6.2.

Periodic research newsletter (3 versions)

Annual (3 versions due M12, M24 and M36) and jargon-free on-line publications providing direct and timely updates on project highlights. Contributing tasks: T6.1, T6.2.

Description of programming model for new micro-services

This deliverable will describe the programming model for new micro-services that makes them safe-by-design.

Requirements & architecture specification – intermediate version

Besides a refinement of the use cases and the requirements, this report will contain a detailed description of the fine-grained architecture of the SecureCloud platform including all the interfaces between the components.

Demonstrator for strict-QoS application with realistic workloads running in a secure cloud

A demonstrator illustrating a data-processing application that requires robust responsiveness (i.e., applications that actuate on the smart grid).

Preliminary implementation of the communication and storage mechanisms

This deliverable will provide a preliminary implementation of the communication and storage mechanisms (with complete API support but no security/dependability features).

Specification and implementation of the micro-service framework and API

This deliverable will describe the micro-service framework and document its associated API that will be used to implement micro-services. It also will provide a preliminary implementation of the micro-services and API.

Specification and implementation of reusable secure micro-services

This deliverable will describe the five generic secure micro-services that are developed by Task T3.2. It will also provide an implementation of the micro-services with their feature-frozen API.

First implementation of the micro-services for distributed big data applications

This deliverable will contain the final implementation of the secure communication mechanisms, an advanced implementation of the distributed data store (with security but without privacy-aware scheduling support), a first prototype of the secure map/reduce framework, and basic scheduling mechanisms (not privacy-aware).

Monitoring and orchestration services for large, high-responsive applications

As described above, a new approach for monitoring and orchestration services will be implemented to enable fast reaction and QoS enforcement for applications that require both QoS and secure analytics with low response times.

Project web site

The project website is set up and put on-line. Every six months a snapshot of the Web site will be made and released as a DVD (possibly in bundle with additional dissemination materials). (Contributing task: T6.3)

Services for trust management for secure resources

This prototype will enable application and higher-level services prototypes to use the secure resources in the context of cloud computing. The first services will enable creation, deletion, interconnection, accounting and scheduling of secure resources.


Publications

SecureCloud: Secure big data processing in untrusted clouds

Author(s): Florian Kelbert, Franz Gregor, Rafael Pires, Stefan Kopsell, Marcelo Pasin, Aurelien Havet, Valerio Schiavoni, Pascal Felber, Christof Fetzer, Peter Pietzuch
Published in: Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, 2017, Page(s) 282-285
DOI: 10.23919/date.2017.7926999

SecureStreams - A Reactive Middleware Framework for Secure Data Stream Processing

Author(s): Aurélien Havet, Rafael Pires, Pascal Felber, Marcelo Pasin, Romain Rouvoy, Valerio Schiavoni
Published in: Proceedings of the 11th ACM International Conference on Distributed and Event-based Systems - DEBS '17, 2017, Page(s) 124-133
DOI: 10.1145/3093742.3093927

A Lightweight MapReduce Framework for Secure Processing with SGX

Author(s): Rafael Pires, Daniel Gavril, Pascal Felber, Emanuel Onica, Marcelo Pasin
Published in: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017, Page(s) 1100-1107
DOI: 10.1109/CCGRID.2017.129

X-search - revisiting private web search using intel SGX

Author(s): Sonia Ben Mokhtar, Antoine Boutet, Pascal Felber, Marcelo Pasin, Rafael Pires, Valerio Schiavoni
Published in: Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference on - Middleware '17, 2017, Page(s) 198-208
DOI: 10.1145/3135974.3135987

GENPACK: A Generational Scheduler for Cloud Data Centers

Author(s): Aurelien Havet, Valerio Schiavoni, Pascal Felber, Maxime Colmant, Romain Rouvoy, Christof Fetzer
Published in: 2017 IEEE International Conference on Cloud Engineering (IC2E), 2017, Page(s) 95-104
DOI: 10.1109/ic2e.2017.15

Cloudifying Critical Applications: A Use Case from the Power Grid Domain

Author(s): F. Campanile, L. Coppolino, S. D'Antonio, L. Lev, G. Mazzeo, L. Romano, L. Sgaglione, F. Tessitore
Published in: 2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP), 2017, Page(s) 363-370
DOI: 10.1109/pdp.2017.50

SGXBOUNDS - Memory Safety for Shielded Execution

Author(s): Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, Christof Fetzer
Published in: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 205-221
DOI: 10.1145/3064176.3064192

Developing a secure SQL/key-value translation service

Author(s): BOBERG, D. ; GOMES-JR, L. C. ; ROSA, M. O. ; FONSECA, K. V. O
Published in: PROCEEDINGS OF THE WORKSHOP DE PESQUISA EM COMPUTAÇÃO DOS CAMPOS GERAIS - 2017 (WPCCG’2017), 2017

Secure and Privacy-Aware Data Dissemination for Cloud-Based Applications

Author(s): Lilia Sampaio, Fábio Silva, Amanda Souza, Andrey Brito, Pascal Felber
Published in: Proceedings of the 10th International Conference on Utility and Cloud Computing - UCC '17, 2017, Page(s) 47-56
DOI: 10.1145/3147213.3147230

Secure Content-Based Routing Using Intel Software Guard Extensions

Author(s): Rafael Pires, Marcelo Pasin, Pascal Felber, Christof Fetzer
Published in: Proceedings of the 17th International Middleware Conference on - Middleware '16, 2016, Page(s) 1-10
DOI: 10.1145/2988336.2988346

FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue

Author(s): Sergei Arnautov, Pascal Felber, Christof Fetzer, Bohdan Trach
Published in: 2017 IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2017, Page(s) 907-916
DOI: 10.1109/ipdps.2017.41

DynSGX: A Privacy Preserving Toolset for Dinamically Loading Functions into Intel(R) SGX Enclaves

Author(s): Rodolfo Silva, Pedro Barbosa, Andrey Brito
Published in: 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2017, Page(s) 314-321
DOI: 10.1109/CloudCom.2017.42

Glamdring: Automatic Application Partitioning for Intel SGX

Author(s): Lind, J; Priebe, C; Muthukumaran, D; O'Keeffe, D; Aublin, P; Kelbert, F; Reiher, T; Goltzsche, D; Eyers, D; Kapitza, R; Fetzer, C; Pietzuch, P
Published in: Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC ’17), 2017
DOI: 10044/1/48105

Security and privacy preserving data aggregation in cloud computing

Author(s): Leandro Ventura Silva, Rodolfo Marinho, Jose Luis Vivas, Andrey Brito
Published in: Proceedings of the Symposium on Applied Computing - SAC '17, 2017, Page(s) 1732-1738
DOI: 10.1145/3019612.3019795

Introducing SECURESTREAMS: Scalable Middleware for Reactive and Secure Data Stream Processing

Author(s): Aurelien Havet, Valerio Schiavoni, Pascal Felber, Romain Rouvoy
Published in: 2017 IEEE International Conference on Cloud Engineering (IC2E), 2017, Page(s) 1-4
DOI: 10.1109/IC2E.2017.50

Troxy: Transparent Access to Byzantine Fault-Tolerant Systems

Author(s): Bijun Li, Nico Weichbrodt, Johannes Behl, Pierre-Louis Aublin, Tobias Distler, Rudiger Kapitza
Published in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2018, Page(s) 59-70
DOI: 10.1109/dsn.2018.00019

sgx-perf - A Performance Analysis Tool for Intel SGX Enclaves

Author(s): Nico Weichbrodt, Pierre-Louis Aublin, Rüdiger Kapitza
Published in: Proceedings of the 19th International Middleware Conference on - Middleware '18, 2018, Page(s) 201-213
DOI: 10.1145/3274808.3274824

SecureKeeper - Confidential ZooKeeper using Intel SGX

Author(s): Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, Rüdiger Kapitza
Published in: Proceedings of the 17th International Middleware Conference on - Middleware '16, 2016, Page(s) 1-13
DOI: 10.1145/2988336.2988350

SGX-Aware Container Orchestration for Heterogeneous Clusters

Author(s): Sebastien Vaucher, Rafael Pires, Pascal Felber, Marcelo Pasin, Valerio Schiavoni, Christof Fetzer
Published in: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018, Page(s) 730-741
DOI: 10.1109/ICDCS.2018.00076

LibSEAL - revealing service integrity violations using trusted execution

Author(s): Pierre-Louis Aublin, Peter Pietzuch, Florian Kelbert, Dan O'Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers
Published in: Proceedings of the Thirteenth EuroSys Conference on - EuroSys '18, 2018, Page(s) 1-15
DOI: 10.1145/3190508.3190547

EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution

Author(s): David Goltzsche, Signe Rusch, Manuel Nieke, Sebastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Cosa, Christof Fetzer, Pascal Felber, Peter Pietzuch, Rudiger Kapitza
Published in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2018, Page(s) 386-397
DOI: 10.1109/dsn.2018.00048

Secure and Scalable Key Value Storage for Managing Big Data in Smart Cities Using Intel SGX

Author(s): Daniel Enrique Lucani, Marcell Feher, Keiko Fonseca, Marcelo Rosa, Bogdan Despotov
Published in: 2018 IEEE International Conference on Smart Cloud (SmartCloud), 2018, Page(s) 70-76
DOI: 10.1109/smartcloud.2018.00020

Cloud Challenge: Secure End-to-End Processing of Smart Metering Data

Author(s): Andrey Brito, Christof Fetzer, Stefan Kopsell, Marcelo Pasin, Pascal Felber, Keiko Fonseca, Marcelo Rosa, Luiz Gomes, Rodrigo Riella, Charles Prado, Luiz F.R. da Costa Carmo, Daniel Lucani, Marton Sipos, Laszlo Nagy, Marcell Feher
Published in: 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion), 2018, Page(s) 36-42
DOI: 10.1109/ucc-companion.2018.00031

ShieldBox - Secure Middleboxes using Shielded Execution

Author(s): Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, Christof Fetzer
Published in: Proceedings of the Symposium on SDN Research - SOSR '18, 2018, Page(s) 1-14
DOI: 10.1145/3185467.3185469

CYCLOSA: Decentralizing Private Web Search through SGX-Based Browser Extensions

Author(s): Rafael Pires, David Goltzsche, Sonia Ben Mokhtar, Sara Bouchenak, Antoine Boutet, Pascal Felber, Rudiger Kapitza, Marcelo Pasin, Valerio Schiavoni
Published in: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018, Page(s) 467-477
DOI: 10.1109/ICDCS.2018.00053

Privacy-preserving recommendations for Online Social Networks using Trusted Execution

Author(s): Guilmour Rossi, Luiz Gomes-Jr, Marcelo Rosa, Keiko Fonseca
Published in: Xviii Simpósio Brasileiro Em Segurança Da Informação E De Sistemas Computacionais, 2018, Page(s) 41-48

IBBE-SGX: Cryptographic Group Access Control Using Trusted Execution Environments

Author(s): Stefan Contiu, Rafael Pires, Sebastien Vaucher, Marcelo Pasin, Pascal Felber, Laurent Reveillere
Published in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2018, Page(s) 207-218
DOI: 10.1109/DSN.2018.00032

Securing Smart Metering applications in Untrusted Clouds with the SecureCloud Platform

Author(s): Rodrigo J. Riella, Luciana M. Iantorno, Laerte C. R. Junior, Dilmari Seidel, Keiko V. O. Fonseca, Luiz Gomes-Jr, Marcelo O. Rosa
Published in: Proceedings of the 1st Workshop on Privacy by Design in Distributed Systems - W-P2DS'18, 2018, Page(s) 1-6
DOI: 10.1145/3195258.3195263

Securing VoD Content with SGX: A Decryption Performance Evaluation in Client-Side

Author(s): Ricardo de S. Costa, Daniel F. Pigatto, Keiko V. O. Fonseca, Marcelo de O. Rosa
Published in: Anais do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), 2018, Page(s) 127-140

An Approach for Securing Critical Applications in Untrusted Clouds

Author(s): Luigi Coppolino, Salvatore D'Antonio, Giovanni Mazzeo, Gaetano Papale, Luigi Sgaglione, Ferdinando Campanile
Published in: 2018 26th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP), 2018, Page(s) 436-440
DOI: 10.1109/PDP2018.2018.00076

LibSEAL: Detecting Service Integrity Violations Using Trusted Execution

Author(s): Pierre-Louis Aublin, Florian Kelbert, Dan O’Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, Peter Pietzuch
Published in: Proceedings of the Twelfth European Conference on Computer Systems (EuroSys), 2017

TaLoS: Secure and Transparent TLS Termination inside SGX Enclaves

Author(s): Pierre-Louis Aublin, Florian Kelbert, Dan O'Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers and Peter Pietzuch
Published in: 2017

Teechain: Scalable Blockchain Payments using Trusted Execution Environments

Author(s): Joshua Lind, Ittay Eyal, Florian Kelbert, Oded Naor, Peter Pietzuch, Emin Gun Sirer
Published in: 2017

Building Critical Applications Using Microservices

Author(s): Christof Fetzer
Published in: IEEE Security & Privacy, Issue 14/6, 2016, Page(s) 86-89, ISSN 1540-7993
DOI: 10.1109/msp.2016.129