Distributed clouds are systems that should work across multiple administrative domains, some of which may not be trusted. Today, heterogeneous and often proprietary infrastructure technologies, such as networking and virtualization, lack interoperability across domains, and there is no unified experience of data protection across providers. Moreover, provider infrastructures lack the flexibility to enable user control over security: they are either too monolithic or fail to give users access to low-level resources. Finally, security administration challenges are daunting due to the complexity and heterogeneity of components: automation of security management is clearly necessary but lacking today.
Making user-centric security and dependability for clouds-of-clouds a reality means overcoming four challenges. First, security should be self-serviced, so that users may define fine-grained security settings to control the protection level of their cloud resources. Second, security should be self-managed, to tackle complexity through automation in infrastructure layers and across provider domains. Third, security should be end-to-end, to define and enforce security SLAs, such as for isolation, across interoperability barriers for computing and networking. Finally, resilience should be guaranteed in a multi-provider setting, for instance in terms of data availability, and in network data and control planes.
SUPERCLOUD proposes new security and dependability infrastructure management paradigms that are:
- user-centric, for self-service clouds-of-clouds where customers define their own protection requirements and avoid lock-ins;
- self-managed, for self-protecting clouds-of-clouds that reduce administration complexity through security automation.
The target is clearly the customer! SUPERCLOUD offers business opportunities in many dimensions. For instance, SUPERCLOUD technology allows the creation of value-added services that bring together resources from several, possibly untrusted, cloud providers to give users better service and stronger security and dependability guarantees, as illustrated by the deployment of the infrastructure for healthcare use-cases. Thus, customers can choose which security and availability services to deploy in their own self-service cloud. SUPERCLOUD can also create business opportunities for a number of other verticals, including cloud brokerage, network function virtualization, blockchain, or smart home security.
SUPERCLOUD will build a self-management infrastructure for security and dependability of heterogeneous resources across federated clouds. Customers will be provided with self-service environments enabling adaptive, customizable security for their cloud applications and services.
SUPERCLOUD will provide innovative cryptographic methods and tools for protecting data across distributed clouds through on-demand data security services, such as access control, blind computation, privacy-preserving indexing, and data availability.
SUPERCLOUD will enable resilient network-as-a-service, leveraging software-defined networking paradigms. It will also provide strong guarantees for end-to-end security and integrated trust management across multiple infrastructure layers and cloud domains.
SUPERCLOUD will reach the following objectives:
- Self-Service Security: Implementation of a cloud architecture that gives users the flexibility to define their own protection requirements and instantiate policies accordingly.
- Self-Managed Security: Development of an autonomic security management framework that operates seamlessly over compute, storage and network layers, and across provider domains to ensure compliance with security policies.
- End-to-End Security: Proposition of trust models and security mechanisms that enable composition of services and trust statements across different administrative provider domains.
- Resilience: Implementation of a resource management framework that composes provider-agnostic resources in a robust manner using primitives from diverse cloud providers.
The supporting SUPERCLOUD architecture builds on the abstraction of U-Cloud (user-centric cloud) to achieve provider independence for security management. So far, we have defined the architecture of the SUPERCLOUD security layer and the design and implementation of its components through proofs of concept, also showcasing the technology on two compelling healthcare use-cases. The next steps are gradual integration within and across the SUPERCLOUD computing, data management, and networking layers. Partners are also working on wider adoption of SUPERCLOUD ideas and innovation, such as impacting the Hyperledger Fabric open-source blockchain project or creating a startup around the Janus multi-cloud storage system.