Your work is safe with Secure Cloud's services. As is coded directly in the cloud.
SecureCloud is an ecosystem of cloud facilities characterized by superior security guarantees, providing protection from attacks by privileged users (e.g. the cloud provider or the system administrator) and software (e.g. the hypervisor). Protection relies on new security extensions recently introduced into commercially available off-the-shelf CPUs. The current implementation is based on Intel SGX, but support for additional platforms might become available in the future. SecureCloud is customizable, since it enables developers to build a cloud-based computing environment based on SGX-enabled containers that matches their personal preferences. SecureCloud is modular, because it allows developers to pick and use only the features that they need/want. SecureCloud is flexible, since it can satisfy a wide range of customers-specific requirements including big data processing, secure intra-cloud communication, precise microservice scheduling and reliable data storage. SecureCloud is interoperable, in that its facilities can be seamlessly integrated with best of breed offerings from the Open Source community.
Imperial College London (IMP) has developed TaLoS, a library that is used as part of the SecureCloud auditing service.
LibSEAL uses the TaLoS library described abobe to securely log all requests and responses sent to a microservice.
Imperial College London (IMP) has developed a new component for secure big data processing called SGX-Spark.
SCONE is a platform to build and run secure applications with the help of Intel SGX (Software Guard eXtensions).
CC is developing a distributed Secure Key-Value Store (KVS) that is integrated with the other components of SecureCloud.
CC has developed “CodingLib-SGX”, an erasure coding library for Random Linear Network Coding (RLNC) designed specifically for SGX.
UniNE’s Secure Content-Based Routing is a message-passing service based on the publish-subscribe paradigm.
UniNE’s Secure Map Reduce is a proof-of-concept map-reduce implementation specially tailored for small- to medium-footprint batch processing micro-services.
UniNE’s Secure Streams is a middleware framework for developing and deploying secure stream processing on untrusted distributed environments.
Kubernetes is an open-source project maintained by Google to automatically deploy, scale in and out, and manage containerized applications on computer clusters.
The usage of SGX, be it directly in an application or through SGX-based microservices, requires that the cloud environment adequately supports and exposes the SGX resources.
These tools and configurations that enable users to build applications that can process large amounts of data in a deadline-aware scalable fashion that also supports the confidentialities aspects provided by the SecureCloud project.
Scheduling and Orchestration: SGX-enabled VMs and containers, as well as the orchestrations of these resources. SGX capabilities are not typically exposed by cloud management platforms, thus cloud providers wanting to enable SGX for their customers need to consume such SecureCloud services to provide SGX capabilities.
Attestation and Trust Management: the SCONE configuration and attestation service provides mechanisms for attestation and the fine-grained control in the sharing of secrets between applications (e.g., credentials, certificates) It also integrates with cloud platforms, especially with OpenStack services. Nevertheless, in contrast to regular OpenStack services, the security boundaries are controlled by the signatures of applications, and not only by roles and credentials informed to these applications and that can be stolen by attackers.
Auditing: Combines SecureCloud superior facilities in terms of Data Management and Storage, Distributed Communication, Big Data Processing, and Distributed scheduling to produce accurate, reliable, and timely records of actions.
Monitoring: adds SGX related metrics to platforms such as OpenStack and Kubernetes, which are not exposed by the regular SGX drivers and also not made available to the user of cloud monitoring tools.
While typically users are defined via formal description of their profiles, in this document we describe the SecureCloud potential users in a “story telling” approach, using fictitious characters to convey the
main focus of the scenarios, and the fact that SecureCloud takes a user centric approach. Therefore, for each scenario, the use case evaluates how SecureCloud addresses a customer’s challenge, by opposition to a technology driven approach where the scenario would be defined by selecting specific technical capabilities.
She learns that SecureCloud provides extensive support for
C/C++. Thus, she decides to use SecureCloud for writing her applications.
USES GO TO DEVELOP HER APPLICATIONS
She learns that SecureCloud provides efficient support for Go, and she decides to use SecureCloud for running her applications.
He starts using SecureCloud for providing his Java applications with better security guarantees. When he finds out SecureCloud has also advanced orchestration and data management features, he decides to use SecureCloud as an environment for all his applications.
Municipality of Neuchatel is in charge of filing applications from citizens and enterprises for construction authorization. The PA wants to support interaction between expert and non-expert employees. This involves gathering very sensitive documents from applicants (both paper-based and paper-less), extracting relevant information, feeding it to the information system of the municipality, interfacing with offices and employees (of the municipality and possibly of other PA organisations) as well as with the public. To this aim, the Municipality wants to adopt a PA construction management service widely used in the Country, and offered by a third party provider. The Municipality is informed of the SecureCloud project, and it’s very excited about the advantages that will be brought to them by SecureCloud services. Particularly, the Municipality wants to be informed about integrity violations of the cloud service without the need to trust the service operator. SecureCloud allows to secure the service by constructing secure requests and responses exchanged between clients and the Internet service, and periodically checks for integrity
MusicStreaming provider offers free music storage to customers who bought a music streaming service. The provider is interested in complying with privacy restrictions. The provider is informed of the SecureCloud project. The provider is exited to know that using SecureCloud services, he can implement GDPR restrictions as well as providing privacy for the users by only storing protected fragments of the data in each location they are created and accessed.
The company collects data from the location of its users to profile regions and offer contextualized ads. It is concerned about the sensitivity of the data and the growing concerns from users about privacy and security. The company is investigating how to use SecureCloud services to host its application that handle directly handle sensitive data