Protecting Sensitive Data in the Computing Continuum

The FogProtect solutions can be used in multiple contexts to support many types of applications and services. FogProtect combines four main technology innovations: (1) secure data container technology for data portability and mobility, (2) data-protection-aware adaptive service and resource management, (3) advanced data protection policy management, (4) dynamic data protection risk management models and tools. Three complementary real-world use cases demonstrate the applicability of FogProtect solutions to multiple contexts and the impact of the project’s novel solutions for data protection: smart cities, smart manufacturing and smart media. FogProtect brings together knowledge and solutions of major European ICT providers together with competence of innovative SMEs and deep technical knowledge of leading research organizations, ensuring it has high scientific, technological and economic impact. The project objectives are:
• End-to-end, cross computing continuum data protection architecture and methodology;
• Secure data container technology for secure data portability;
• Data protection aware adaptive services and resource management engines;
• Data protection policy management techniques;
• Dynamic data protection risk management models and tools;
• Validation in three complementary use cases;
• Sustainable impact;

As reported in the FogProtect Assessment Report #1 the progress overview has been evolving at the originally anticipated pace. The consortium has managed to keep the overall progress as initially planned. The work performed from the beginning achieved until this phase is detailed in the periodic report part B.
FogProtect will significantly advance beyond the state of the art in the project’s four innovation areas: i) Secure Data Containers, ii) Service Management and Adaptation, iii) Data Protection Policy Management and iv) Dynamic Risk Management.
The D8.5 explains how FogProtect:
“Using the Mesh for Data to provide a secure data fabric”: FogProtect realised that extending the service mesh concept to control communication based on policy-based access rules would provide a powerful solution for FogProtect the end-to-end protection of data in the fog-to-cloud continuum. To that end, we are leveraging and contributing to the Open-Source project, “The Mesh for Data” (M4D) being driven by IBM;
“How to use the Service Management & Adaptation componentes” Although the focus of these components being on the runtime aspects, some preparatory activities are required at design time in order to use the Service Management & Adaptation components;
“How to use the Data Protection Policy Management Components” At design time, security experts shall proceed to the definition of the security context with two artefacts: • Security policies gain their expressivity from MSPL language. • Data lifecycle models shall serve the operational context of the use case;
“How to use Risk Management” The FogProtect extensions to the Risk Analysis extend the risk management from a static, design-time approach to dynamic, runtime operation where threats are automatically detected on a running system.

More specifically, FogProtect targets the following impact-oriented opportunities:

1. Contribute to the development of an ecosystem that will respond to the future digitisation needs of industry and the public sector
FogProtect has leveraged and contributed to the Open Source project, “The Mesh for Data” (M4D) being driven by IBM. M4D builds on top of leading industrial technologies, such as Docker containers for the portability of services, and Kubernetes, for the management and orchestration of containerized applications. Other third-party frameworks used include Istio - for service mesh implementation, Open Policy Agent (OPA) - for access policy definition and evaluation, and Helm - to reduce the complexity of deploying Kubernetes applications.
Besides this contribution, partners have also been working towards the involvement of a digital Innovation Hub in the project, both for knowledge sharing but also for partners to understand the current digitisation needs.
Ubiwhere is one of the service providers for the Azores Digital Innovation Hub in Sustainability and Tourism 4.0 in order to contribute towards a Sustainable Tourism in Islands 4.0. We recognize that the role of DIH and EDIH is key to support companies – especially SMEs and mid-caps – and/or the public sector in digitally optimising their service offerings and improving their (business/administrative) processes.
Ubiwhere will provide services for digitalization by interconnecting knowledge, technologies and people. The outcomes from FogProtect, be it open-source software, best practices for data protection, or relevant use cases for Sustainable Tourism, will be exploited by the Portuguese SME.

2. Assist the development of new cloud-based services and infrastructures in Europe and foster an industrial capability in the cloud computing sector
Both private companies and the public sector face critical data protection challenges, which often create resistance to adopting next-generation technologies (e.g. fog/cloud computing applications).
Partners are currently designing the strategy for the involvement of external stakeholders, the validation of FogProtect’s results, to collect feedback and boost a wider adoption of such technology. The target stakeholders include open source technology groups, industry working groups related to 5G, IoT, M2M, cloud and edge computing and technology incubators and accelerators focused on technology.

3. Create new opportunities to encourage European-based providers, in particular SMEs, to develop and offer cloud-based services based on the most advanced technologies
Five of FogProtect’s European-based providers will exploit FogProtect’s opportunities to deliver new services and advanced technologies during, beyond and after the project. It is important for these partners to establish active and close contact with the market and shape the research and innovation activities to guarantee the industry relevance of the solutions and promote their uptake. How each of these partners will explore the project’s results is presented in the “Initial Exploitation Strategy”.
Besides this exploitation, Ubiwhere and ATC will demonstrate how FogProtect can create new market opportunities in relevant use cases. The Smart City use case shows how new market opportunities can be created, enabling real-time feedback on data gathered in public surveillance, the Smart Media use case involving ATC will exploit the FogProtect framework to capitalise on the benefits of real-time broadcasting content processing and address privacy and security concerns.

4. Leverage R&I projects to support the development and deployment of innovative cloud-based services and next generation applications, for the public and private sectors
Beyond the potential applications demonstrated via the FogProtect use cases, many other areas for such applications are feasible such as Connected Cars or Automated Mobility. From the start, FogProtect partners have actively searched for collaboration with people and organisations from outside of the consortium and new clusters of European projects, open-source community and industry associations such as Future Cloud Cluster, HUB4CLOUD, FIWARE and Big Data Value Association. Partners plan on having 2 public releases of the FogProtect Handbook.