SUPERCLOUD - User-centric management of security and dependability in clouds of clouds
Despite many business benefits, distributed clouds raise many security and dependability concerns due to an increase in complexity and a lack of interoperability between heterogeneous, often proprietary infrastructure technologies. Current provider-centric clouds are notably faced with three major security challenges:
- Security vulnerabilities in infrastructure layers: each layer (e.g., customer VMs, cloud provider services, provider hypervisor) is extremely vulnerable to attacks. For instance, the hypervisor and its over-privileged Dom0 are a target of choice for attackers due to their complexity. This makes integrated protection difficult.
- Lack of flexibility and control in security management: the problem comes from the heterogeneity of security components and policies between cloud providers. This has a major security impact by introducing more vulnerabilities due to mismatching APIs and workflows.
- Security administration challenges: manual administration of the protection of such an infrastructure is clearly out of reach due to its complexity and the heterogeneity of its components. Automation of security management is clearly necessary but lacking today.
SUPERCLOUD proposes new security and dependability infrastructure management paradigms that are:
- user-centric, for self-service clouds-of-clouds where customers define their own protection requirements and avoid lock-ins;
- self-managed, for self-protecting clouds-of-clouds that reduce administration complexity through security automation.
SUPERCLOUD will build a self-management infrastructure for security and dependability of heterogeneous resources across federated clouds. Customers will be provided with self-service environments enabling adaptive, customizable security for their cloud applications and services.
SUPERCLOUD will provide innovative cryptographic methods and tools for protecting data across distributed clouds through on-demand data security services, such as access control, blind computation, privacy-preserving indexing, and data availability.
SUPERCLOUD will enable resilient network-as-a-service, leveraging software-defined networking paradigms. It will also provide strong guarantees for end-to-end security and integrated trust management across multiple infrastructure layers and cloud domains.
SUPERCLOUD will reach the following objectives:
- Self-Service Security: Implementation of a cloud architecture that gives users the flexibility to define their own protection requirements and instantiate policies accordingly.
- Self-Managed Security: Development of an autonomic security management framework that operates seamlessly over compute, storage and network layers, and across provider domains to ensure compliance with security policies.
- End-to-End Security: Proposition of trust models and security mechanisms that enable composition of services and trust statements across different administrative provider domains.
- Resilience: Implementation of a resource management framework that composes provider-agnostic resources in a robust manner using primitives from diverse cloud providers.