SafeCloud - Secure and Resilient Cloud Architecture

Introduction

Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. There are major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. These questions are currently not answered satisfactorily by existing technologies.
SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be

• partitioned in multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design;
• entangled with inter-dependencies that make it impossible for any of the domains to tamper with its integrity.

These two principles (partitioning and entanglement) are applied holistically across the entire data management stack, from communication to storage and processing.

Who is the project designed for?

We mostly deal with sensitive personal data as defined in the EU General Data Protection Regulation (GDPR). More precisely, our main stakeholders are entities (companies, governments and individuals) who want to store, share, transmit, and process sensitive personal data using technologies deployed on the cloud, but who are reluctant to do so due to the inherent privacy and security risks of the cloud. Using the cloud securely is easy (encrypt and replicate), but leveraging all the benefits of the cloud, such as sharing and processing data, is hard to do securely.

How will your project benefit the end-user?

The project will directly benefit end-users who wish to leverage the technologies offered by the cloud to store, share and process data, especially sensitive personal data, in a secure and private way. End-users will also benefit every time they interact with third parties using technologies developed by the consortium, by having access to cheaper, secure, faster and more reliable tools and services at their disposal.

Users will control the choice of non-colluding domains for partitioning and the tradeoffs between entanglement and performance, and thus will have full control over what happens to their data. This will make users less reluctant to manage their personal data online due to privacy concerns and will generate important benefits for privacy-sensitive online applications such as distributed cloud infrastructures and medical record storage platforms.