SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs.
Our end users are those who need to process massive amounts of data in a timely and secure fashion. Data at rest or in transit on the network is typically protected by encryption. However, when data is to be processed, it must be decrypted. From a security point of view, this is an issue, since privileged users and/or software might get access to the data in plain text. The project focuses on the power grid domain, but the features it delivers can be used in a variety of other domains.
SecureCloud focuses on a particularly important domain: applications that support critical infrastructures. The security guarantees of current cloud offerings are not sufficient for such applications (as well as for a large fraction of existing and emerging applications). Hardware extensions of commodity CPUs provide powerful mechanisms that effectively protect data from attacks, even from privileged users/software. Regrettably, using CPU hardware extensions requires advanced programming skills, which a large fraction of application developers lacks. SecureCloud makes CPU extensions readily available via a pre-packaged container. By doing so, SecureCloud enables developers to deploy their applications in a secure way and at no extra cost.
By removing technical impediments to dependable cloud computing, SecureCloud will encourage and enable a greater uptake of cost-effective, environment-friendly, and innovative cloud solutions, in particular for critical infrastructure applications throughout Europe and Brazil. If one can trust a cloud to run applications in the context of critical infrastructures, one can clearly trust this cloud to run applications in a large variety of application domains. In stark contrast to traditional throughput-oriented, batch-processing cloud applications, applications in the critical infrastructure domain do not only have strong requirements with respect to confidentiality, integrity, availability, but they typically are also latency sensitive.