- Stephanie Parker interviews Josep Domingo-Ferrer about the CLARUS project.
- CLARUS is creating a new security framework for processing and storing data in the cloud.
- Users will be able to monitor and control their cloud data, which will save money and improve standards.
Europe’s H2020 CLARUS project is developing a secure framework for storing and processing data outsourced to the cloud so end-users can monitor, audit, and control their stored data while gaining the cost-saving benefits and capacity that cloud services bring.
What are the main barriers to increased uptake of cloud computing? Why is trust so important when it comes to cloud computing?
Most companies are outsourcing at least some of their IT to the cloud, such as data storage, email, and other productivity applications. Reduced costs, virtually unlimited resources and increased availability are the main forces driving this change. Yet security, privacy, and ultimately trust, are still the main barriers preventing organizations from migrating to the cloud. Indeed, current security and privacy mechanisms are commonly located within the cloud platform, hence compelling customers to trust cloud service providers. However, a customer might be reluctant to outsource business-critical or confidential data because they lack control over its storage and management. To facilitate uptake, cloud computing needs to increase the user’s control over the security and privacy of their data, thus reducing the need for blind trust.
What are the privacy and security challenges?
When it comes to outsourcing sensitive data, security and privacy challenges are intertwined around data protection. Regarding security, users want to be assured that no intruder can hack the cloud and/or impersonate them, and that no denial of service will occur. Regarding privacy, users want the guarantee that no one other than themselves will be able to see or infer personal or confidential data. It’s important to note that privacy is even more challenging than security, because it must also apply to the cloud service provider. If the user wants to use not only the cloud storage but also the cloud computational power, then the challenge is even harder. Providing a privacy solution for this case is precisely what project H2020-644024 ‘CLARUS’ is about.
... and the legal ones?
One might argue that sensitive data handling in the cloud would be much simpler if users had greater trust in the cloud service provider. However, there are several legal issues here. On the one hand, in many scenarios the data subjects entrust the data controller with their personal data (e.g., healthcare data), but this does not mean they allow the controller to further transfer their data to whoever the controller chooses to trust. On the other hand, the cloud service provider may also be under a jurisdiction different from that of the controller.
What is the CLARUS project doing to address these issues?
Enhancing privacy, security, and trust of end users with respect to the cloud providers are the main goals of the CLARUS project. To achieve this, the CLARUS solution is envisioned as a proxy located in a domain trusted by the end user (e.g., a server in her company’s intranet or a plug-in in the user’s device) that implements security and privacy-enabling features towards the cloud service provider.
To enhance privacy, CLARUS will implement a set of privacy-enabling mechanisms to ensure that the user’s sensitive data is properly protected before it is outsourced to the cloud. Protection will be provided in a way that still preserves cloud service functions, even those that require performing operations (e.g., queries, transformations, calculations) on the protected data. To achieve that, CLARUS draws on and innovates the current state-of-the-art on functionality-preserving cryptographic and non-cryptographic data protection techniques, with a special focus on preserving the benefits associated with cloud services (functionality, cost-effectiveness, efficiency).
To enhance trust, CLARUS will also implement a set of auditing services, so that users can directly supervise how data is being protected and outsourced to the cloud. To enhance security, CLARUS will also develop an attack-tolerant framework, dynamically detecting potential security breaches within the cloud and activating appropriate mitigation measures online.
Please tell us about the two use cases you currently have.
CLARUS has two use cases. One of them relates to the outsourcing of legacy medical records, which will be demonstrated at a leading hospital in Barcelona. The other is about outsourcing different kinds of geo-referenced data, in such a way that the sensitive locations are not leaked either to the cloud service provider or anyone else, but computations and map drawing based on those locations can still be performed by the data owner using the cloud’s computing power.
What are the CLARUS project's goals?
From now to its end in December 2017, CLARUS will publish original research contributions focused on sensitive data processing in untrusted clouds. The project will also build demonstrators for the above-mentioned use cases and will strive to contribute to emerging standards on sensitive data processing in the cloud.