ESCUDO-CLOUD will develop modular solutions and will tackle the security problems from different angles and perspectives. In particular, we consider four different dimensions that help in defining the challenges to be tackled.
- Security properties: Confidentiality, Integrity, Availability.
- Sharing requirements: Access by data owners, Selective sharing with other users/owners.
- Access requirements: Upload/download, Fine-grained retrieval, Write operations.
- Cloud architectures: Single cloud provider, Multi cloud and federated cloud.
These dimensions, with their different configurations, correspond to different scenarios and challenges to be addressed. For instance, in a scenario involving a single user with basic access functionalities (upload/download), basic encryption techniques can suffice to guarantee protection of data at rest. Supporting fine-grained retrieval over the data requires novel approaches that build on the basic protection techniques to enable query execution. Each combination of the dimensions above entails its own challenges.
We tackle the issues and challenges mentioned above with a gradual approach and provide modular techniques and tools that can be applied as needed in different environments. In particular, we structure the work according to sharing requirements and cloud architectural assumptions (which define our three main scenarios of reference, addressed in the technical work packages) and, within them, we investigate how to guarantee security properties and satisfy access requirements.
Protection techniques for outsourced data (WP2)
This corresponds to the simpler scenario where we consider the problem of guaranteeing to a data owner the protection of her data as well as the ability to efficiently access and operate on them when relying on the cloud for their storage. In other words, it focuses on how to provide both protection guarantees and access functionality to the data owner. The work on these aspects will clearly represent the basis and will provide building blocks for the other scenarios.
Information sharing in the cloud (WP3)
This scenario is concerned with providing the data owner with the ability not only to protect and access data, but also to selectively share them with other users and owners. The consideration of external users/owners with whom a data owner wants to selectively share her data entails several challenges, which will be addressed by ESCUDO-CLOUD. Sharing is typically selective, so there is a need to ensure that access to data by other users obeys the authorisations that the owner wishes to apply. However, while on the one hand it is impractical, if not inapplicable, to assume that the owner intercepts each and every access, on the other hand enforcement of such authorisations cannot simply be delegated to the CSP (as we want the data owner to remain in control). Hence, the project will investigate novel approaches for providing self-protection on the data (wrapping them with a protection layer, extending selective encryption solutions for access control enforcement), thus guaranteeing that, even without the owner in the loop, access to data will be possible only for authorised users.
Multi cloud and federated cloud (WP4)
This scenario is concerned with multi-clouds and federated clouds, characterised by the presence of multiple CSPs. ESCUDO-CLOUD will investigate both how to take advantage of the rich and diverse offers of CSPs for better functionality and security, and the new security concerns introduced by the presence of different CSPs.