SecureCloud is an ecosystem of cloud facilities characterized by superior security guarantees, providing protection from attacks by privileged users (e.g. the cloud provider or the system administrator) and software (e.g. the hypervisor). Protection relies on new security extensions recently introduced into commercially available off-the-shelf CPUs. The current implementation is based on Intel SGX, but support for additional platforms might become available in the future. SecureCloud is customizable, since it enables developers to build a cloud-based computing environment based on SGX-enabled containers that matches their personal preferences. SecureCloud is modular, because it allows developers to pick and use only the features that they need/want. SecureCloud is flexible, since it can satisfy a wide range of customers-specific requirements including big data processing, secure intra-cloud communication, precise microservice scheduling and reliable data storage. SecureCloud is interoperable, in that its facilities can be seamlessly integrated with best of breed offerings from the Open Source community
Scheduling and Orchestration: SGX-enabled VMs and containers, as well as the orchestrations of these resources. SGX capabilities are not typically exposed by cloud management platforms, thus cloud providers wanting to enable SGX for their customers need to consume such SecureCloud services to provide SGX capabilities.
Attestation and Trust Management: the SCONE configuration and attestation service provides mechanisms for attestation and the fine-grained control in the sharing of secrets between applications (e.g., credentials, certificates) It also integrates with cloud platforms, especially with OpenStack services. Nevertheless, in contrast to regular OpenStack services, the security boundaries are controlled by the signatures of applications, and not only by roles and credentials informed to these applications and that can be stolen by attackers.
Auditing: Combines SecureCloud superior facilities in terms of Data Management and Storage, Distributed Communication, Big Data Processing, and Distributed scheduling to produce accurate, reliable, and timely records of actions.
Monitoring: adds SGX related metrics to platforms such as OpenStack and Kubernetes, which are not exposed by the regular SGX drivers and also not made available to the user of cloud monitoring tools.
While typically users are defined via formal description of their profiles, in this document we describe the SecureCloud potential users in a “story telling” approach, using fictitious characters to convey the
main focus of the scenarios, and the fact that SecureCloud takes a user centric approach. Therefore, for each scenario, the use case evaluates how SecureCloud addresses a customer’s challenge, by opposition to a technology driven approach where the scenario would be defined by selecting specific technical capabilities.
C/C++ developer.
She learns that SecureCloud provides extensive support for
C/C++. Thus, she decides to use SecureCloud for writing her applications.
USES GO TO DEVELOP HER APPLICATIONS
She learns that SecureCloud provides efficient support for Go, and she decides to use SecureCloud for running her applications.
JAVA DEVELOPER
He starts using SecureCloud for providing his Java applications with better security guarantees. When he finds out SecureCloud has also advanced orchestration and data management features, he decides to use SecureCloud as an environment for all his applications.
Municipality of Neuchatel is in charge of filing applications from citizens and enterprises for construction authorization. The PA wants to support interaction between expert and non-expert employees. This involves gathering very sensitive documents from applicants (both paper-based and paper-less), extracting relevant information, feeding it to the information system of the municipality, interfacing with offices and employees (of the municipality and possibly of other PA organisations) as well as with the public. To this aim, the Municipality wants to adopt a PA construction management service widely used in the Country, and offered by a third party provider. The Municipality is informed of the SecureCloud project, and it’s very excited about the advantages that will be brought to them by SecureCloud services. Particularly, the Municipality wants to be informed about integrity violations of the cloud service without the need to trust the service operator. SecureCloud allows to secure the service by constructing secure requests and responses exchanged between clients and the Internet service, and periodically checks for integrity
violations.
MusicStreaming provider offers free music storage to customers who bought a music streaming service. The provider is interested in complying with privacy restrictions. The provider is informed of the SecureCloud project. The provider is exited to know that using SecureCloud services, he can implement GDPR restrictions as well as providing privacy for the users by only storing protected fragments of the data in each location they are created and accessed.
The company collects data from the location of its users to profile regions and offer contextualized ads. It is concerned about the sensitivity of the data and the growing concerns from users about privacy and security. The company is investigating how to use SecureCloud services to host its application that handle directly handle sensitive data
SyncLab had a targeted meeting on February 2019 in Padua, presenting SecureCloud results to a prospect customer (Technetic, http://technetic.it/en/). The company has shown interest in the SyncLab pilot application as…
Prof. Luigi Romano (SyncLab) published an article about SecureCloud results on the Italian portal Agenda Digitale, the reference blog for Italian innovation: https://www.agendadigitale.eu/infrastrutture/proteggere-le-infrastrutture-critiche-con-il-cloud-come-vincere-la-sfida/
Prof. Romano served as a panelist for CyberTech 2016 organized by IEC: https://www.atena-h2020.eu/cybertech-europe-2016/
