A growing number of easy-to-use cloud services are available over the internet. However, users find it increasingly difficult to understand what cloud services do with their users‘ personal data and whether personal data fall into the wrong hands.
Cloud systems are highly dynamic: the computation load changes continuously, computers crash sometimes, software components are migrated between computers or even between data cen-ters etc. Data protection concerns are also associated with some special sources of dynamism. For instance, users may change the protection requirements relating to their data, so that data that were previously categorized as not needing protection suddenly are considered sensitive or vice versa. Therefore, the protection of personal data in the cloud must consider continuously changing goals and conditions.
Other cloud users may also pose security threats. To keep costs low, it is common practice in cloud computing to host software components belonging to multiple users on the same server in the data center, perhaps encapsulated in so-called virtual machines, but still on the same hardware. In principle, this makes it possible for a malicious software component of one user to spy on or to cor-rupt the data of another user hosted on the same physical server.
Existing solutions focus mainly on avoiding specific types of attacks, e.g., using different encryption or authentication techniques. This way, data protection should be guaranteed by design. Unfortu-nately, such approaches are becoming insufficient in the face of the increasing dynamism of cloud systems and the resulting frequent changes of conditions and emergence of new threats.
To cope with the high dynamism of cloud systems, self-adaptation is required. Therefore, the aim of the project RestAssured is to devise solutions that are capable of reacting to changes in the envi-ronment or in the requirements by means of appropriate adaptations at run-time. In particular, the configuration of the cloud system as well as the data protection requirements have to be continu-ously monitored. If a potential security breach is detected, the cloud system is reconfigured so that the violation is avoided or mitigated.
RestAssured combines the adaptation-based approach with innovative security mechanisms to a holistic solution. Specifically, the application of fully homomorphic encryption and secure hardware enclaves is evaluated with the aim of providing appropriate data protection. Beyond the effect on data protection, the side-effects of these techniques on other quality attributes such as perfor-mance and costs are also considered, so that the overall best configuration can be chosen. Fur-thermore, so-called sticky policies will be used to manage the life cycle of data and to monitor rele-vant changes.
The paluno team is responsible on one hand for the work package “Run-time data protection as-surance”, which implements the continuous monitoring and on that basis the control of appropriate adaptations mechanisms. On the other hand, paluno team members are also responsible for some overarching project activities, including the overall architecture and the common testbed.
Program: Horizon 2020
Type: Research and Innovation action (RIA)
Funded amount: 647,000 Euro (total funded amount 4.99 Mil. Euro)
- IBM Israel
- Adaptant Solutions AG
- University of Southampton
- Oxford Computer Consultants Ltd.
- Thales Services SAS
- Universität Duisburg-Essen