ESCUDO-CLOUD - Enforceable Security in the Cloud to Uphold Data Ownership





What user need or pain point is your project addressing?

Today, users placing data in the cloud must place complete trust in Cloud Service Providers (CSPs) to manage such data correctly. All CSPs can apply security measures in the services they offer, but these measures either place full trust in the CSP and give it full access to the data, or greatly limit the functionality that the CSP can offer on the outsourced data.

ESCUDO-CLOUD will provide protection guarantees that give data owners full control over their data in the cloud, while still allowing the cloud to offer functionality over that data. The goal of ESCUDO-CLOUD is to empower data owners as first-class citizens of the cloud.

This goal will be achieved by providing enforceable security, that is, techniques that wrap the data in a layer of protection against the eyes of the storing/processing CSP itself. This sets the trust boundary at the client side, which means assuming correct and trusted behaviour only by the client. Data owners will then remain in control of their data when relying on CSPs for data storage, processing, and management.


Project's major results: 
ESCUDO-CLOUD will provide effective and deployable solutions allowing data owners to maintain control over their data when relying on Cloud Service Providers for data storage, processing, and management, without sacrificing functionality.
It will provide enforceable security by means of techniques that wrap the data in a layer of protection against the eyes of the storing/processing CSP itself, setting the trust boundary at the client side, that is, assuming correct and trusted behaviour only by the client. With ESCUDO-CLOUD, data owners will be able to outsource their data while maintaining control over it, with support for fine-grained data retrieval, the ability to regulate access to the data and share it selectively with other users, and assurance that the data will remain protected from the Cloud Service Providers.

Target stakeholders: 

Technology providers



Project Start: 
01/01/2015
Project End: 
31/12/2017


How will your solution/service benefit the end-user?

ESCUDO-CLOUD will be beneficial to both data owners and Cloud Service Providers (CSPs). Data owners will be able to outsource their data while maintaining control over it, with the ability to regulate access to the data and share it selectively with other users, and with assurance that the data will remain protected from the CSPs. Data owners will then be able to rely on CSPs and use their services for a wider range of applications.

In addition to the increased market penetration that robust data ownership would provide, CSPs benefit significantly from a reduction in the regulatory risks, audit costs, and general security threats that they would have to face in the absence of such protection. Freeing CSPs from the worries of protecting data even allows them to handle the data outside their own control. For instance, it would enable a CSP itself to rely on other services for outsourcing storage and computation, behaving as a broker providing a virtualised cloud service, without worrying about the possible improper exposure of user information, which is guaranteed to be self-protected. This would benefit larger and smaller players in the market, as well as individual users.


Potential exploitation strategy: 
ESCUDO-CLOUD enables strong exploitation and impact of innovative solutions in strategic use cases. Industrial partners and the SME will lead exploitation along different directions. Exploitation plans include:
• IBM will deploy basic protection techniques and, in particular, will contribute key-management solutions to the OpenStack initiative, a reference open source architecture for the realisation of cloud infrastructures;
• SAP will deploy solutions for selective data sharing and direct processing of encrypted data in new cloud-based products;
• BT will deploy multi-cloud and federated cloud solutions in its Cloud Compute product, covering both block-level and object-level storage services;
• EMC and WT will make data protection techniques available to their customers, providing them with tools for ensuring self-protection of data and metrics for trust assessment.
 

Vertical Market: 

Other

