CORDIS
EU research results

CORDIS

English EN
Secure Big Data Processing in Untrusted Clouds

Secure Big Data Processing in Untrusted Clouds

Objective

SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. Data at rest or in transit on the network is already nowadays protected by encryption. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs like Intel's Secure Guard Extensions (SGX). By the help of these hardware extensions, we reduce the trusted computing base dramatically by excluding from it the millions of lines of source code of the cloud stack, operating systems and hypervisor. This permits us to ensure the confidentiality of computations even if the computers are under a different administrative control (like a cloud provider) or there is no physical security of the computers. Moreover, we ensure the confidentiality even if attackers would take control of the cloud stack, the hypervisor or the operating systems. As long as the hardware extensions of the CPU can be trusted, we can ensure the confidentiality of the computations.
SecureCloud focuses on ensuring the confidential and dependable processing of Big Data. To keep the trusted computing base small, we use the concept of microservices: only the application logic that processes data (e.g., operators) is protected while all functionality that, e.g., shuffles and stores encrypted data is outside the trusted computing base. By monitoring the microservices, we can restart services that run on compromised hosts. We will evaluate and demonstrate our approach in the context of smart grids. In this use case context, we need to run across a physically distributed computing infrastructure with no or little physical security and partly untrusted administrators. We need to process large volumes of data and this big data processing would benefit by partial offloading into the cloud. In SecureCloud, we will show how to do this in a secure fashion even if clouds are untrusted.
Leaflet | Map data © OpenStreetMap contributors, Credit: EC-GISCO, © EuroGeographics for the administrative boundaries

Coordinator

TECHNISCHE UNIVERSITAET DRESDEN

Address

Helmholtzstrasse 10
01069 Dresden

Germany

Activity type

Higher or Secondary Education Establishments

EU Contribution

€ 499 624,50

Participants (6)

Sort alphabetically

Sort by EU Contribution

Expand all

IMPERIAL COLLEGE OF SCIENCE TECHNOLOGY AND MEDICINE

United Kingdom

EU Contribution

€ 499 252,50

UNIVERSITE DE NEUCHATEL

Switzerland

CHOCOLATE CLOUD APS

Denmark

EU Contribution

€ 199 500

SYNC LAB SRL

Italy

EU Contribution

€ 201 250

THE ISRAEL ELECTRIC CORPORATION LIMITED

Israel

EU Contribution

€ 100 000

CLOUDSIGMA AG

Switzerland

Project information

Grant agreement ID: 690111

Status

Closed project

  • Start date

    1 January 2016

  • End date

    31 December 2018

Funded under:

H2020-EU.2.1.1.

  • Overall budget:

    € 2 285 377

  • EU contribution

    € 1 499 627

Coordinated by:

TECHNISCHE UNIVERSITAET DRESDEN

Germany