Confidentiality, integrity, and availability of applications and their data are of immediate concern to almost all organizations that use cloud computing. This is particularly true for organizations that must comply with strict confidentiality, availability and integrity policies, including those society’s most Critical Infrastructures, such as finance, utilities, health care and smart grids.
Dependability (which implies confidentiality, integrity, availability) has emerged as a commercial imperative for cloud providers to be able to support emerging markets including cloud computing for critical infrastructures or cloud robotics. The cloud has not only become a critical infrastructure itself but it needs to support other critical infrastructures. These include smart grids and systems in the health and transportation domains but also extend to future large-scale computing, such as the Internet of Things (IoT) and Cyber-Physical Systems (CPS).
The SecureCloud project aims to remove technical impediments to dependable cloud computing, i.e., SecureCloud will ensure the confidentiality, integrity, availability and security of applications and their data. Thereby, SecureCloud will encourage and enable a greater uptake of cost-effective, environment-friendly, and innovative cloud solutions, in particular, for critical infrastructure applications throughout Europe and Brazil.
The primary goal of SecureCloud is to ensure the dependability of critical applications that are executed in distributed, potentially untrusted cloud infrastructures.
The innovative approach to cloud dependability pursued in the SecureCloud project is leverages the emergence of a new and promising technology—secure commodity CPUs—which promises to enable a new generation of dependable applications by basing trust in hardware mechanisms offered by commodity CPUs, in particular, Intel’s Secure Guard eXtensions (SGX). This permits applications to be isolated not only from other applications in the cloud but also from the underlying operating system and the hypervisor. It allows users to run their sensitive applications in a public cloud without the need to unconditionally trust the cloud provider.
SecureCloud will facilitate the usage applications with high or very high security requirements. The fundamental technical challenges of the SecureCloud project will be to integrate and extend the most popular technologies of last years to ensure the dependability of cloud applications.
SecureCloud will leverage Intel SGX as root of application trust to provide confidentiality and integrity of sensitive data. SGX encrypts the memory content of protected applications to prevent the operating system or the hypervisor from being able to read and/or modify application data.
SecureCloud will use OpenStack as a common cloud stack infrastructure.
SecureCloud will extend standard Container technology to allow the execution of Intel SGX secure enclaves inside containers.
SecureCloud will use a Coordination Service to detect a computer or an application process failure and restart either the application process on a different computer or a newly created virtual machine, or the container depending on the requirements of the application process.
SecureCloud will use Software-Defined Networks (SDN) to connect the application components within data centres as well as across data centres.