This document describes a Security as a Service (SECaaS) infrastructure and concept for the CLARUS framework. This SECaaS differs from the usual SECaaS business models such as anti-virus software or intrusion detection services. While those security services are located in the trusted cloud, a main assumption of CLARUS is that there is no general trust in the cloud provider. The proposed SECaaS for CLARUS therefore makes it possible to secure and access data while still profiting from cloud service providers, their hardware, services and offers, thus circumventing the contradiction between the two.
In total, five SECaaS services have been identified:
- Continuous monitoring and risk assessment of the platform
- CLARUS communication with the CSP
- CLARUS end user access to the CLARUS proxy
- Exchange between multiple CLARUS proxy entities
- Provision of CLARUS secured data to an external user
While the first four services are described in detail in Deliverable D4.2, this deliverable focuses on the fifth service, which covers the provision of CLARUS secured data to external users without a local CLARUS proxy instance.
This service is mainly based on the creation of Secure Containers and the secure transmission of these containers to heterogeneous target devices owned by external entities. The Secure Containers give external users outside the trusted zone the ability to access data that has been safeguarded by the obfuscation and encryption security primitives provided by CLARUS.