D2.1 - Definition of Application Cases

This document analyses and specifies the application cases targeting e-Health and publication of Geo-referenced data on the Internet. The goal of this analysis is the identification of a number of demonstration cases that are the main input for the refinement of CLARUS requirements (WP2) and for the CLARUS implementation (WP5). The demonstration cases cover all major aspects of the CLARUS results. The demonstrations developed on the basis of this specification will enable integration testing and support the final evaluation of the project results to be carried out in WP6. In addition, the application cases provide working examples that will support the exploitation and dissemination activities (WP7).

D2.2 - Requirements Specification V1

The purpose of this document is to provide the CLARUS requirement specifications. It defines the use cases of the CLARUS solution and the requirements at the functional (i.e. the features that the solution needs to offer, e.g. business rules, features, user interface, social requirements) and the non‐functional levels (e.g. quality of service, performance, scalability, legal and ethical, standardisations).
More precisely this document aims at specifying:

  • Which functionalities should be supported by the CLARUS solution, in order to help cloud customers increase their control over outsourced data, give them the guarantee that their confidential or sensitive data will not be disclosed at any moment to the Cloud Service Provider (CSP), and maintain cloud functionalities and benefits.
  • What are the expected outcome of these functionalities, i.e. efficiency, data utility for both cloud customers and CSPs.
  • What are the needs in terms of security (i.e. the degree of security to be provided in different use cases) .

D2.5 - Standardisation Requirements

This deliverable reviews the current standard landscape for cloud computing, security, and data format  relevant  for  CLARUS.  The  objective  of  this  document  is  to  define  the  standardisation roadmap built on  a  throughout  analysis of  the  standards  and  their potential  adoption  in  the design and implementation of the CLARUS proxy solution. By considering relevant standards in the early stage of the project will ease the integration of standardised solutions and follow an interoperability by  design approach. This  document  first  recaps  the  cloud  computing  ecosystem  and  the  objective  of  CLARUS  to highlight the need for standards. Then, it discusses the CLARUS approach to standards and the
methodology used to identify relevant standards. A special focus on  additional  requirements  stemming  from  the  best  practices  and  recommendations of Standard Developing Organizations (SDOs) is also given. Finally, this deliverable maps the  technical  requirements  identified  in Deliverable D2.2  “Requirements  specification  V1”  to the identified standards.

D3.1 - Characterization of enabling technologies

The purpose of this document is to survey existing privacy-preserving and security-enabling techniques that align with the goals of the CLARUS project and which may be used in the final solution or lead to further research directions. Techniques will be introduced and assessed based on current feasibility and limitations (in terms of computational cost and scalability), the provided level of security, the input and output formats required and the functionality that they enable in the cloud environment.

D3.3 - An attack-tolerant framework for the cloud V1

This document presents an overview of monitoring and attack-tolerant techniques that will be used as a basis for the attack-tolerant framework to be integrated in the CLARUS platform, to early detect security and privacy incidents and to be able to react to them at runtime by applying a set of countermeasures in order to mitigate undesired effects.

This document offers an overview of monitoring and attack-tolerant systems in the cloud, and constitutes the basis of the attack-tolerant framework that will be integrated in CLARUS to enable the continuous monitoring of the system with the aim of preserving security and privacy properties. The innovation behind this attack-tolerant system comes from the fact that the system will be able to continue its operation in the event of an attack.

D3.5 - Adapted monitoring tool for the cloud V1

This document describes the first version of the monitoring software package that enables the supervision of CLARUS client operations during runtime to detect errors, malicious behaviours and attacks. It presents an overview of the methodology (risk based monitoring) to adapt a Montimage Monitoring Tool (MMT) tool to the CLARUS platform, together with a detailed description of the security monitoring performed by the adapted MMT. For now, and since no real trace is captured yet from the CLARUS proxy that is under implementation in WP5, the first version of the monitoring has been developed and tested with classical attacks (IP-based attacks). More adaptations are planned in the second version to include several attack examples that are presented in this document.

D4.1 - Architecture V1

This document specifies the first version of the architecture of the CLARUS platform. The main component of this platform is a proxy in charge of protecting customers’ data in a transparent way, while these are stored and processed in the cloud.
The design of the CLARUS architecture is defined based on the outcomes of WP2, namely the description of the use cases in deliverable D2.1 [1] and the list of requirements specified in D2.2 [2]. The architecture described in this document captures the main technical modules to be developed in relation to one another, in order to help the combination of different cloud services such as data storage or search operations with different protection techniques (encryption, anonymisation, data splitting/merging). This document aims at answering the following questions:

  • How does CLARUS protect the storage and processing of data in the cloud?
  • How is CLARUS configured?
  • How is CLARUS protected?
  • How does the end-user, or end-user applications, communicate with CLARUS?

With this aim, the document presents:

  • the adopted architectural approach;
  • a set of CLARUS modules proposed to tackle the challenges of ensuring the security and privacy of the storage and processing of the data in the cloud;
  • the technical integration of these various modules.
PDF icon CLARUS-D4.1-Architecture-v2.1.pdf2.44 MB

D4.2 - Architecture V2

This document provides a complete specification of the architecture of the CLARUS platform. While the first version of the architecture described in D4.1 mainly specifies the technical modules of the individual CLARUS proxy in charge of protecting the privacy of customers’ data for different data operations (storage, search, computation, retrieval), this document considers a more general scenario involving multiple CLARUS proxies that will interact with each other. Thanks to this new version, an organisation will be able to authorise another organisation to perform some operations over that data and keep these under control. The new version of the architecture also includes the design of some new auditing services which help the verification of the different operations.
With this aim, this document presents:

  • a refinement of the different CLARUS modules;
  • the adopted approach for the multi-proxy architecture;
  • some new modules helping in the verification of some data operations.
PDF icon CLARUS-D4.2-ArchitectureV2-v2.1.pdf3.21 MB

D4.3 - Standardisation and interoperability

This document analyses the CLARUS architecture and framework in terms of interoperability and standardisation. It leverages the work carried out in WP2 on the identification of relevant best practices in security, privacy, and data format in order to map the requirements that have driven the design of the CLARUS architectural solution, presented in Deliverable D4.2. Moreover, it analyses the security as a service infrastructure and concepts for the CLARUS framework proposed in WP4, specifically in Deliverable D4.4. The result is a thorough analysis of interoperability in the context of CLARUS, including the data types supporting the two use cases, and the approach that must be followed to pursue the objective of building an interoperable framework. While the output can help identify potential gaps in the standardisation landscape and drive the work for the implementation of CLARUS started with the definition of the APIs in Deliverable D5.1, it is also relevant in the context of the EU Cloud Computing Strategy and actions related to ICT standardisation in the Digital Single Market Strategy.

D4.4 - Security as a service for CLARUS

This document describes a security as a service (SECaaS) infrastructure and concept for the CLARUS framework. This SECaaS differs from usual SECaaS business models like anti-virus software or intrusion detection services. While these security services are located in the trusted cloud, a main assumption of CLARUS is that there is no general trust against the cloud provider. The proposed SECaaS for CLARUS therefore consists of the possibility of securing and accessing data, but still being able to profit from cloud service providers, their hardware, services and offers and thus circumventing the contradictions.
In total five SECaaS services have been identified:

  • Continuous monitoring and risk assessment of the platform
  • CLARUS communication with the CSP
  • CLARUS end user access to the CLARUS proxy
  • Exchange in between multiple CLARUS proxy entities
  • Provision of CLARUS secured data to an external user

While the first four services are in detail described in Deliverable D4.2, the focus in this deliverable will be on the fifth service covering the provision of CLARUS secured data to external users without a local CLARUS proxy instance.
This service mainly bases on the creation of Secure Containers and the secure transmission of these containers to heterogeneous targeted devices owned by external entities. The secure containers thereby contain the ability for external users outside the trusted zone to access data that has been safeguarded by the obfuscation and encryption security primitives provided by CLARUS.

PDF icon CLARUS-D4.4-SECaaS-v1.2.pdf1.87 MB

D5.1 - The CLARUS interface

The scope of this document is to specify the interfaces of the CLARUS platform.
Three interfaces are described in detail within this document:

  • the CLARUS-CSP interface related to the architecture works. This interface, ensuring interoperability, allows the CLARUS proxy connecting to new cloud services and to integrate some protection primitives in the cloud;
  • the CLARUS end-user interface that allows the end-user managing his/her sensitive data obfuscation and control or monitor the security and trust aspects;
  • the CLARUS-CLARUS interface that allows secure communication between different trusted CLARUS proxies in order to securely share data and optimise collaboration.

Moreover, the CLARUS protocol module is described in a dedicated section. This protocol module (identified in the architecture to enable communication between the CLARUS proxy and the client
application on one side and the CSPs on the other) is indeed involved in most of the interfaces listed above.

D7.1 - Dissemination and standards report V1

This deliverable presents the communication and dissemination strategy of the CLARUS project. This is the first version of the plan, which will be updated and revised every 12 months.

The document describes each different stakeholder group that the project targets. The document describes the communication and dissemination objectives and focuses on the initial set of actions to reach the objectives.
The dissemination and outreach strategy is specific and detailed for each group, identified by the core value messages to be conveyed, the main channels to facilitate the engagement of these communities and the relevant events targeting the stakeholders. The document also enlists the Key Performance Indicators (KPI) to measure the activity and the timeline for the actions planned to reach the stakeholders.

D7.2 - Dissemination and standards report V2

The purpose of this document is to update the initial plan produced in June 2015. It reports on actions taken and impact achieved with regard to communications, standards monitoring, analysis and dissemination. It also defines the communication strategy and dissemination plan for the next 12 months. A final report will be produced at the end of the project (M36), summing up the main outcomes and KPIs achieved.

D7.7 - CLARUS Brochure

This deliverable presents the first brochure produced in February 2015 and sets out the plan to be followed to produce a set of brochures during the lifetime of the project in order to raise awareness of the project and its results among stakeholders and communities that can benefit from the CLARUS solution. This document will complement the initial dissemination plan (scheduled at M6) that will detail the overall communication strategy of the project. The plan for the brochure will be updated and presented along with the dissemination plan, which will be alive during the project lifetime and adapted to the cirsumstances and opportunities that might arise.

PDF icon CLARUS-D7.7-CLARUSBrochure-v1.0.pdf10.68 MB