SERECA - Secure Enclaves for REactive Cloud Applications
Users want to have security, but they do not want to trust the cloud provider, nor the system administrator.
The Secure Enclaves for REactive Cloud Applications (SERECA) project targets two types of users and organizations: those who wish to move their mission-critical applications and data to a cloud infrastructure but do not trust the security of cloud-hosted applications, and those who already use modern web applications hosted by cloud providers but for whom the available security solutions do not provide adequate performance for latency sensitive.
An example is a critical infrastructure that monitors key parameters of a dam for water supply. They would like to migrate to a cloud platform because this new technology can offer them many well-known benefits. However, they fear integrating the cloud with their set of Industrial Control Systems (ICS) because of security concerns.
The SERECA project aims to protect cloud applications through secure enclaves, a new feature that is/will be provided by commodity CPU hardware from major vendors (namely ARM and Intel). Secure enclaves provide security without relying on public cloud operators. In this way, the integrity and confidentiality of the applications can be guaranteed against attacks coming from employees of the cloud provider, other tenants, and hackers with physical access to the platform.
Small & medium enterprises
By exploiting new hardware features of commercial CPUs, SERECA will enable users to deploy applications on the cloud without having to trust either the cloud provider or the system administrator.
At the end of the project we will have developed the SERECA secure cloud platform. We will develop the idea of a secure enclave into which applications can be deployed without having to rely on the questionable security mechanisms provided by cloud operators. SERECA aims to provide technical innovations that simultaneously establish sufficient trust and performance in cloud deployments through the secure connection of application components executing on secure commodity CPUs. The result is the secure distributed enclave, a novel technology that shifts the burden of trust from today’s cumbersome and vulnerable multi-million-line software cloud stack to a small execution environment, exploiting the features of a commodity trusted hardware platform.
This new approach will provide an attractive and scalable solution for cloud application hosting. We will extend the innovative approach of secure CPU hardware in commodity processors known as secure enclaves (such as ARM TrustZone and Intel SGX) and the vert.x reactive framework to make it possible to execute distributed reactive applications inside those enclaves. In conclusion, thanks to our innovative solution, a user can execute a reactive application and be sure that their data won't be touched by anyone, not even by malicious administrators.