Summary of the context and overall objectives of the project
Confidentiality, integrity, and availability of applications and their data are of immediate concern to almost all organisations that use cloud computing. This is particularly true for organisations that must comply with strict confidentiality, availability and integrity policies, including those which process personal data and those supporting society’s most critical infrastructures, such as finance, utilities, health care and smart grids.
Critical infrastructure operators have legitimate concerns about the dependability of applications hosted in third-party clouds: cloud providers are already struggling to give strong security guarantees that data will be protected. This already limits security guarantees regarding confidentiality, integrity, and availability. The lack of adequate dependability, however, is increasingly becoming the primary barrier to the broad adoption of cloud computing, not only in the critical infrastructure domain but also in all domains in which the survival of a company depends on the reliability of the cloud. Hence, the cloud becomes itself a critical infrastructure for which we need to guarantee sufficient dependability such that we can justifiably place our trust in the hosted applications.
The SecureCloud project aims to remove technical impediments to dependable cloud computing, i.e., SecureCloud will ensure the confidentiality, integrity, availability and security of applications and their data. Thereby, SecureCloud will encourage and enable a greater uptake of cost-effective, environment-friendly, and innovative cloud solutions, in particular, for critical infrastructure applications throughout Europe and Brazil.
Secure storage of sensitive data in untrusted clouds is widely regarded as a solved problem. However, the secure and efficient processing of sensitive data in untrusted cloud is an open issue for secure cloud computing. The innovative approach to cloud dependability pursued in the SecureCloud project leverages the emergence of a new and promising technology—secure commodity CPUs—which promises to enable a new generation of dependable applications by basing trust in hardware mechanisms offered by commodity CPUs, in particular, Intel’s Secure Guard eXtensions (SGX). This permits applications to be isolated not only from other applications in the cloud but also from the underlying operating system and the hypervisor. It allows users to run their sensitive applications in a public cloud without the need to unconditionally trust the cloud provider.
The innovations that we envision within SecureCloud are challenging to attain but, if successful, will help place Europe and Brazil at the forefront of dependable cloud operations. Concretely, we distil our goals for the project into the following four objectives:
- Substantially improve the state-of-the-art in cloud dependability for critical applications by developing innovative and effective mechanisms to enforce dependability, i.e., security, covering integrity and confidentiality, as well as availability and reliability;
- Seamlessly integrate the new dependability features into a standard cloud stack to encourage easy migration of critical (as well as non-critical) applications to the cloud without compromising application dependability;
- Convincingly validate and demonstrate the benefits of our approach by applying it to realistic and demanding big data use cases in the domain of critical infrastructures (smart grids); and
- Widely promote and disseminate the innovative outcomes of this project by influencing the standards and best practices that will lead to broad adoption by European and Brazilian industry.
Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far
We started our work with developing uses cases related to big data processing in the area of smart grids. Based on these uses cases we derived the requirements on the SecureCloud platform. We designed the initial version of the SecureCloud platform, we implemented the necessary building blocks and we evaluated the feasibility of the SecureCloud platform with the help of proof-of-concept demonstrators.
More specifically, we implemented the necessary frameworks to enable application developers to easily develop secure applications, which are executed within Intel SGX enclaves. This framework is built on top of Docker thus allowing a cost-effective deployment based on well-established commodity components and paradigms.
To achieve availability as well as an effective, scalable and distributed processing of big data, we utilised the microservice paradigm. Therefore, we implemented a secure communication mechanism based on the event bus pattern. For the orchestration and scheduling of our microservices we extended Docker swarm as well as the standard cloud stack OpenStack. Additionally we have implemented components, which allow remote attestation and auditing of our mircoservices and thus support enforcing that the overall application is orchestrated from trustworthy microservices only.
Based on the core SecureCloud platform we have implemented several basic services, which in turn are a foundation for the use case demonstrators. Namely we have developed a secure key/value store, and a framework for allowing secure data processing based on the map/reduce programming model.
Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)
The SecureCloud platform allows the processing of (big) data in untrusted clouds which was one of the unsolved challenges in the area of cloud computing. Moreover, the SecureCloud approach – compared to other similar approaches – strives for minimizing the so-called trusted code bases (TCB), i.e. the amount of code and components one has to trust.
Given that on the one hand cloud computing is seen as one very important and promising building block for more efficient and effective IT utilisation and on the other hand security risks related to cloud computing are one major concern which hinders a broader adaption we believe that the results of the SecureCloud project have the potential to accelerate the acceptance and thus the usage of cloud computing solutions by an order of magnitude. This will not only substantially decrease the costs related to data processing but will also allow to implement services – especially for small and medium sized enterprises – which they could not realise beforehand.