There is a need for protection against privileged users in cloud computing
Cloud security is now of immediate concern to organisations that must comply with strict confidentiality and integrity policies, including those supporting society’s most critical infrastructures, such as finance, utilities, and health care. More broadly, security has emerged as a commercial imperative for cloud computing across a wide range of markets. In the early days, cloud providers could compete solely on the capacity and flexibility of their services. With these services now reaching commodity pricing levels, greater attention is being focused on the quality of the services they deliver, especially security. In particular, application vendors have legitimate concerns about the confidentiality and integrity of user data hosted in third-party clouds, with cloud providers struggling to give strong security guarantees that the data will be protected.
The primary barrier to the broad adoption of cloud computing is the lack of adequate security guarantees
The lack of adequate security guarantees is becoming the primary barrier to the broad adoption of cloud computing. Indeed, despite the economic advantages of cloud computing, many organizations are reluctant to move mission-critical applications and their data to the cloud, simply because they do not trust the security of cloud-hosted applications. In particular, many enterprises have serious concerns about the possibility for privileged users – e.g. the cloud provider or the system administrator – to access and/or tamper with their sensitive data. Their concern is only amplified in distributed deployments involving multiple data centers and jurisdictions. Furthermore, according to the Steering Board of the European Cloud Partnership (ECP), data protection and information security concerns are “the most ubiquitous requirements (spanning the most sectors)” for developing a trusted cloud infrastructure in Europe.
The Horizon 2020 “Secure Enclaves for REactive Cloud Applications” (SERECA) project
To remove technical impediments to secure cloud computing, and thereby encourage and enable greater uptake of cost-effective, environment-friendly, and innovative cloud solutions throughout Europe, the Secure Enclaves for REactive Cloud Applications (SERECA) project was started in 2015. Funded under Horizon 2020, SERECA leverages new security extensions of Commercial Off The Shelf (COTS) CPUs, namely Intel SGX (https://software.intel.com/en-us/sgx), to provide applications with a protected execution environment that is not accessible to any user (including privileged ones) other than the application owner. SERECA focuses on a particularly important and rapidly growing class of applications whose protection in cloud deployments has received little or no attention to date. In stark contrast to traditional throughput-oriented, batch-processing cloud applications, this class is highly interactive and latency sensitive. Examples are cloud-hosted Internet-of-Things (IoT) applications, Cyber-Physical Systems (CPS), multi-player games, on-line business analytics, real-time data monitoring, and industrial control.
The innovative approach to cloud security pursued in the SERECA project leverages the emergence of a new and promising technology: secure CPU hardware
Existing approaches to securing cloud applications, such as the imposition of a Trusted Computing Base (TCB), homomorphic encryption techniques, or special-purpose security co-processors, either meet stiff resistance due to their inherent complexity and cost, or exhibit performance profiles incompatible with the stringent requirements of physical distribution, interactivity, and latency sensitivity. The innovative approach to cloud security pursued in the SERECA project instead leverages the emergence of a new and promising technology, secure CPU hardware, which promises to enable a new generation of secure applications by basing trust in hardware mechanisms offered by commodity CPUs.
The challenge of the SERECA project is to bring reactive frameworks into the cloud context
From a technical point of view, the challenge of SERECA is to bring reactive frameworks (spearheaded by a market-leading example) into the cloud context. This means integrating them into the standard cloud stack and extending them to handle the full class of future-generation cloud applications.
The four objectives achieved by SERECA
Concretely, four objectives have been achieved:
1) Substantially improve the state-of-the-art in cloud security for interactive, latency-sensitive applications by developing innovative and effective mechanisms to enforce data integrity, availability, confidentiality, and localisation based on secure CPU hardware.
2) Seamlessly integrate the new security features into the standard cloud stack and its expected characteristics of scalability, elasticity, and availability, so as to encourage easy application migration to the cloud without compromising application responsiveness or complicating application management.
3) Convincingly validate and demonstrate the benefit of the approach by applying it to realistic and demanding industrial use cases.
4) Widely promote and disseminate the innovative outcomes of the project to encourage broad adoption by the European industry.
The results achieved by the project
SERECA has advanced the State Of The Art (SOTA) of cloud technology along the security axis, since it has delivered mechanisms for application development that are:
Effective: They make Trusted Execution Environment (TEE) features of the underlying hardware fully available to the application layer, which results in increased protection of critical data.
Easy to use: SERECA support dramatically reduces the complexity of using the security extensions of new CPUs. By doing so, it ultimately cuts development costs.
Highly scalable: The SERECA architecture and development approach comply fully with the microservice paradigm. This results in distributed applications that can fully exploit the computing power of the cloud platform they are deployed on, as more and more nodes become available.
SERECA has been validated with respect to two substantial use cases.
SERECA has demonstrated that it would be possible to migrate the bulk of the data collection and processing to an externally managed cloud environment, without exposing the company to security risks
One use case is a distributed reactive cloud application to monitor a water supply network. Remote monitoring and control of a water supply network requires an expensive ICT layer and data centre infrastructure for, e.g., maintenance, systems updating, and hardware provisioning. In many countries – including Italy – water supply networks are managed by Public Administrations. Operating and maintaining such infrastructures lies outside the core competences of a Public Administration, which (typically) does not have an internal ICT department. SERECA has collected experimental evidence demonstrating that it would be possible to migrate the bulk of the data collection and processing to an externally managed cloud environment, without exposing the company to security risks. With current cloud platforms and technology, this would be impossible.
The project cloud platform guarantees a high level of security, demonstrated using an industry-standard penetration testing (PEN) suite
The other use case is a software-as-a-service (SaaS) performance analysis service for cloud applications. Application performance analysis and monitoring is a core component of any service that is hosted on the Internet. Customers can lose substantial revenue and reputation when services perform poorly. Thus, the service has challenging security requirements, which cannot be guaranteed by current cloud platforms. The use case was developed on top of the SERECA cloud platform and the benefits of secure enclave technology were demonstrated using an industry-standard penetration testing (PEN) suite. More details about the project can be found at: https://www.serecaproject.eu/
by Professor Luigi Romano
Who is Luigi Romano
Luigi Romano is the Innovation Manager of the SERECA project. He is an expert in system security and dependability. He is the head of the Fault and Intrusion Tolerant Networked SystemS (FITNESS) research group (http://www.fitnesslab.eu/). His research has received massive funding from the European Union. Within the context of FP7 and H2020, he is the Technical Lead and/or one of the Principal Investigators of several projects, including: STREAM (Scalable Autonomic Streaming Middleware for Real-Time Processing of Massive Data Flows, http://www.streamproject.eu); INTERSECTION (INfrastructure for heTErogeneous, Resilient, SEcure, Complex, Tightly Inter-Operating Networks, http://www.intersection-project.eu); INSPIRE (INcreasing Security and Protection through Infrastructure Resilience, http://www.inspire-strep.eu/); INSPIRE INCO (INSPIRE INternational COoperation, http://www.inspire-inco.eu/); MASSIF (MAnagement of Security information and events in Service InFrastructures, http://www.massif-project.eu/); SRT-15 (Intelligence Push in the Enterprise Realm, http://srt-15.eu/); SAWSOC (Situation Aware Security Operation Center, http://www.sawsoc.eu/); COMPACT (https://www.compact-project.eu/en); KONFIDO (http://www.konfido-project.eu/). He was one of the three experts in charge of writing the “Recommendations on aligning research programme with policy in the specialized area of Network and Information Security (NIS)” and a member of the European Network and Information Security Agency (ENISA, http://www.enisa.europa.eu) expert group on Priorities of Research On Current and Emerging Network Technologies (PROCENT). He is the Chair of the Cyber Security technology area within the context of the SERIT (Security Research in Italy, http://www.piattaformaserit.it/) initiative.