Although cloud computing offers many benefits to its users, security issues such as confidentiality and privacy are still major concerns to those intending to migrate to the cloud. Traditional cloud security has been based on assurance to customers that cloud providers follow sound security practices. As a result, current security mechanisms are commonly located within the cloud platform, hence compelling customers to trust cloud providers. However, customers might be reluctant to outsource sensitive data due to lack of control over its storage and management. To reach its full potential, cloud computing needs solid security mechanisms that enhance trust in cloud computing by allowing cloud customers greater control on the security and privacy of their data.

Objective

The main objective of the CLARUS project is to enhance trust in cloud computing services by developing a secure framework for the storage and processing of data outsourced to the cloud. CLARUS will allow end users to monitor, audit and control the stored data without impairing the functionality and cost-saving benefits of cloud services.

Technical approach

CLARUS will take a holistic security-by-design approach that views security as a system property that must be continuously managed during the whole lifetime cycle of a system. Moreover, in order to achieve transparency in the way data are processed by all involved parties, the developed protocols will be the object of standardisation efforts. In addition, the CLARUS solution must be compliant with and support current and future European data protection legislation.

Addressing key concerns impeding the mainstream adoption of the cloud: privacy, security, trust

Enhancing privacy, security and trust of end users with respect to the cloud providers is the main focus of the CLARUS project. To achieve this, the CLARUS solution is envisioned as a proxy located in a domain trusted by the end user (e.g., a server in her company's intranet, a plug-in in the user’s device) that implements security and privacy-enabling features towards the cloud service provider.

To enhance privacy, CLARUS will implement a set of privacy-enabling mechanisms to ensure that the user’s sensitive data is properly protected before it is outsourced to the cloud. Protection will be provided in a way that cloud service functionalities are still preserved, even those that require performing operations (e.g., queries, transformations, calculations) on the protected data.

To achieve that, CLARUS will rely on and innovate over the current state of the art on functionality-preserving cryptographic (e.g., (partially) homomorphic encryption, searchable encryption, etc.) and non-cryptographic data protection techniques (e.g., data anonymisation, document redaction, data splitting and merging, private information retrieval, etc.), with a special focus on preserving the benefits associated with cloud services (functionality, cost-effectiveness, efficiency, etc.).

To enhance trust, CLARUS will also implement a set of auditing services, so that users can directly supervise how data is being protected and outsourced to the cloud. To enhance security, CLARUS will also develop an attack-tolerant framework, so that potential security breaches within the cloud can be dynamically detected and appropriate mitigation measures can be activated on-line.

In this way, the user’s privacy, security and trust can be significantly enhanced with respect to current cloud security solutions both regarding honest-but-curious cloud providers and potential attackers (insiders as well as outsiders), while still preserving cloud functionalities, and within the Platform-as-a-Service, Infrastructure-as-a-Service and Software-as-a-Service models.

Interoperability and portability

The CLARUS project proposes to develop the above-described framework as a set of generic protocols that can be used by collaborative cloud service providers in order to build trusted cloud services that are standardised and, therefore, transparent with regard to data management, privacy and security.

The aim is that the interfaces and protocols should be generic and cover most of the spectrum of cloud services. By means of standardisation, protocols and functions can be made homogenous for cloud providers and CLARUS proxies, so that interoperability can be achieved among otherwise heterogeneous cloud providers. 

Learn more about CLARUS proxy architecture and operational scenarios.