CLARUS Proxy - High Level Architecture

The main goal of the CLARUS proxy is to provide a set of mechanisms to protect the security and privacy of cloud customers' data.

CLARUS considers three different  scenarios.

Data Operation

The core building block of the architecture, named as "Data Operations", encapsulates a set of privacy modules for different cloud services (data storage, data retrieval, search, computation) and protection techniques (encryption, data splitting and anonymisation). These modules will mainly implement the CLARUS privacy preserving techniques. This core building block naturally requires the support of the "Access Policy and Key Management" building block, which will help each privacy module protect outsourced by defining suitable access policies and providing appropriate security materials that will be stored in dedicated Access Policy DB and Key Store respectively.

Monitoring and Administration

The bootstrap and further administration of the proxy will be controlled by different modules regrouped in the "Monitoring and Administration" building block: while the Administration module is in charge of adding and configuring different modules and repositories, the Security Policy Management module manages the security policies defining different protection rules based on the data type and the underlying data/communication protocols for each dataspace; additionally, the Monitoring module will ensure that the framework is intrusion tolerant.

 

CLARUS Access

Finally, since several end-users will connect to the same CLARUS proxy, the "CLARUS Access" block will control their accesses and identities with the help of the User-Registration and User-Authentication modules.

The architecture also defines two modules, namely the USER-CLARUS and the CSP-CLARUS Protocol modules, which serve as interfaces for the end-user and the cloud, respectively.

The first version of this architecture only focuses on the existence of one CLARUS proxy and does not therefore tackle the problem of inter-proxy synchronisation, which is left for the second version of the architecture. Furthermore, the second version of the architecture will also include a set of security auditing and integrity solutions that will enhance trust in the cloud environment.