{"id":1749,"date":"2017-03-22T08:49:12","date_gmt":"2017-03-22T08:49:12","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=1749"},"modified":"2018-04-03T13:02:36","modified_gmt":"2018-04-03T13:02:36","slug":"d6-4-selection-and-specification-of-tools-for-software-implementation","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/d6-4-selection-and-specification-of-tools-for-software-implementation\/","title":{"rendered":"D6.4 Selection and specification of tools for software implementation"},"content":{"rendered":"

Contributing Partners<\/strong><\/p>\n

TUGRAZ<\/strong>, AIT, IBM, UNEW, TUDA, UNIL<\/p>\n

Executive Summary<\/strong><\/p>\n

The Horizon 2020 project PRISMACLOUD reaches out to address several of the most pressing risks threatening end user security and privacy in current public cloud offerings with a portfolio of cryptographically secured services, providing dependable end-to-end security, without having to rely on unrealistic trust assumptions regarding public cloud providers. The services shall be ready for commercial exploitation by the industry partners within the PRISMACLOUD consortium and beyond, early after project end. Speci\ffic exploitation plans will be prepared by the eight commercial project partners (cf. upcoming deliverables D9.3 and D9.4), being large European service and solution providers with access to end users, middleware developers, small system and solutions providers for dedicated local markets, as well as one end user (reseller) of the proposed services. The practical applicability of the services will be demonstrated and validated in three pilot use cases in the \felds of Smart City<\/em>, eGovernment<\/em>, and eHealth<\/em>.<\/p>\n

In order to tackle and organize the complexity involved with the construction of the cryptographically secured services, we introduce the conceptual model of the layered PRISMACLOUD architecture, which is organized in 4 tiers (cf. Figure 1). On the uppermost layer are the end user applications, represented in the project by the three selected use cases from the (i) Use Cases layer. This layer uses the cloud services of the (ii) Services layer to achieve the desired security functionalities. These cloud services are a representative selection of possible services which can be built from the tools organized in the (iii) Tools layer. The selection and speci\fFIcation of these tools is the main focus of this deliverable. The tools encapsulate several cryptographic primitives and protocols from the (iv) Primitives layer, which is the lowest layer of the PRISMACLOUD architecture. The elements of the architecture required by the use cases will be implemented in software and provided for exploitation by the commercial project partners, and through them also beyond the project consortium. The project also features a speci\ffic standardization activity to disseminate the tools' specifi\fcations into standards to support further adoption.<\/p>\n

While the cloud services are a representative selection of possible services covering typical use cases which can be built from the tools organized in the Tools layer, the tools can be considered as reusable building blocks providing certain basic security functionalities in one respective security functionality domain. We, thus, stress that for additional end user applications also modi\ffied or entirely newly composed additional cloud services are conceivable. PRISMACLOUD tools will be made available to address particular end user security and privacy risks and threats in public cloud services in \ffive domains:<\/p>\n

Data Storage.<\/strong> Data con\fdentiality, integrity and availability is provided for the end user by the Secure Object Storage Tool<\/em>.<\/p>\n

Authentication of Information Distributed Through Public Clouds.<\/strong> The authenticity of information can be preserved, even if parts \u00a0 are redacted or blackened out for privacy preservation and data minimization by the Flexible Authentication with Selective Disclosure Tool.<\/em><\/p>\n

Delegated Computation.<\/strong> The correctness of computations delegated to the cloud can be verifi\fed by means of the Veri\ffiable Data Processing Tool.<\/em><\/p>\n

Secure Infrastructure Con\fguration.<\/strong> Properties of cloud topologies (e.g. tenant isolation) can be veri\ffied without the cloud provider having to reveal actual confi\fguration detail, which would constitute a possible attack vector against the cloud provider, or reveal con\ffidential information belonging to other tenants of the cloud. This functionality is provided by the Topology Certi\fcation Tool<\/em>.<\/p>\n

Migration of Legacy Applications to the Cloud.<\/strong> This domain also includes the use of bulk data for big data processing. The con\fdentiality and data privacy is provided by the Data Privacy Tool<\/em>.<\/p>\n

This deliverable starts with introducing the above mentioned PRISMACLOUD 4-tier architecture in Section 1. In particular, we provide a brief description of all tiers as well as all involved PRISMACLOUD primitives, PRISMACLOUD tools and PRISMACLOUD services. Especially for the primitives, we only provide a very brief description and provide references to the respective technical deliverables D4.1, D4.4, D4.6, D5.1, D5.5 and D5.8 whenever appropriate for details.<\/p>\n

Then we proceed with a description of the PRISMACLOUD tools. In Section 3, we present the Secure Object Storage Tool and the two corresponding services Data Sharing and Secure Archiving used to showcase the tool. In Section 4, we discuss the Flexible Authentication with Selective Disclosure Tool and the two corresponding services Selective Authentic Exchange as well as Privacy Enhancing Identity Management. Then, in Section 5, we present the Verifiable Data Processing Tool and the corresponding Veri\ffiable Statistics service that showcases its functionality. In Section 6, we present the Topology Certi\ffication Tool and the associated Infrastructure Auditing service. Finally, in Section 7 we present the Data Privacy Tool and the two corresponding services Encryption Proxy and Anonymization.<\/p>\n

In all of the speci\ffications of the functional requirements for the tools we build upon the requirements contained in Deliverable D2.3, and the requirements provided by the Volere tool which was used for requirements elicitation. Then we apply an additional iteration to them by re\ffining them and additionally introducing more \ffine-granular functional requirements.<\/p>\n

Finally, in Section 8, we conclude this deliverable with some \ffinal remarks. Thereby, we also recap the relation of this deliverable to upcoming work in this project, and in particular the relation to other tasks in WP6, WP7 and the exploitation in WP9.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Horizon 2020 project PRISMACLOUD reaches out to address several of the most pressing risks threatening end user security and privacy in current public cloud offerings with a portfolio of cryptographically secured services, providing dependable end-to-end security, without having to rely on unrealistic trust assumptions regarding public cloud providers. The services shall be ready for commercial exploitation by the industry partners within the PRISMACLOUD consortium and beyond, early after project end. Speci\ffic exploitation plans will be prepared by the eight commercial project partners (cf. upcoming deliverables D9.3 and D9.4), being large European service and solution providers with access to end users, middleware developers, small system and solutions providers for dedicated local markets, as well as one end user (reseller) of the proposed services. The practical applicability of the services will be demonstrated and validated in three pilot use cases in the \felds of Smart City, eGovernment, and eHealth.<\/p>\n

In order to tackle and organize the complexity involved with the construction of the cryptographically secured services, we introduce the conceptual model of the layered PRISMACLOUD architecture, which is organized in 4 tiers (cf. Figure 1). On the uppermost layer are the end user applications, represented in the project by the three selected use cases from the (i) Use Cases layer. This layer uses the cloud services of the (ii) Services layer to achieve the desired security functionalities. These cloud services are a representative selection of possible services which can be built from the tools organized in the (iii) Tools layer. The selection and speci\fFIcation of these tools is the main focus of this deliverable. The tools encapsulate several cryptographic primitives and protocols from the (iv) Primitives layer, which is the lowest layer of the PRISMACLOUD architecture. The elements of the architecture required by the use cases will be implemented in software and provided for exploitation by the commercial project partners, and through them also beyond the project consortium. The project also features a speci\ffic standardization activity to disseminate the tools' specifi\fcations into standards to support further adoption.<\/p>\n

While the cloud services are a representative selection of possible services covering typical use cases which can be built from the tools organized in the Tools layer, the tools can be considered as reusable building blocks providing certain basic security functionalities in one respective security functionality domain. We, thus, stress that for additional end user applications also modi\ffied or entirely newly composed additional cloud services are conceivable. PRISMACLOUD tools will be made available to address particular end user security and privacy risks and threats in public cloud services in \ffive domains:<\/p>\n

Data Storage. Data con\fdentiality, integrity and availability is provided for the end user by the Secure Object Storage Tool.<\/p>\n

Authentication of Information Distributed Through Public Clouds. The authenticity of information can be preserved, even if parts \u00a0 are redacted or blackened out for privacy preservation and data minimization by the Flexible Authentication with Selective Disclosure Tool.<\/p>\n

Delegated Computation. The correctness of computations delegated to the cloud can be verifi\fed by means of the Veri\ffiable Data Processing Tool.<\/p>\n

Secure Infrastructure Con\fguration. Properties of cloud topologies (e.g. tenant isolation) can be veri\ffied without the cloud provider having to reveal actual confi\fguration detail, which would constitute a possible attack vector against the cloud provider, or reveal con\ffidential information belonging to other tenants of the cloud. This functionality is provided by the Topology Certi\fcation Tool.<\/p>\n

Migration of Legacy Applications to the Cloud. This domain also includes the use of bulk data for big data processing. The con\fdentiality and data privacy is provided by the Data Privacy Tool.<\/p>\n

This deliverable starts with introducing the above mentioned PRISMACLOUD 4-tier architecture in Section 1. In particular, we provide a brief description of all tiers as well as all involved PRISMACLOUD primitives, PRISMACLOUD tools and PRISMACLOUD services. Especially for the primitives, we only provide a very brief description and provide references to the respective technical deliverables D4.1, D4.4, D4.6, D5.1, D5.5 and D5.8 whenever appropriate for details.<\/p>\n

Then we proceed with a description of the PRISMACLOUD tools. In Section 3, we present the Secure Object Storage Tool and the two corresponding services Data Sharing and Secure Archiving used to showcase the tool. In Section 4, we discuss the Flexible Authentication with Selective Disclosure Tool and the two corresponding services Selective Authentic Exchange as well as Privacy Enhancing Identity Management. Then, in Section 5, we present the Verifiable Data Processing Tool and the corresponding Veri\ffiable Statistics service that showcases its functionality. In Section 6, we present the Topology Certi\ffication Tool and the associated Infrastructure Auditing service. Finally, in Section 7 we present the Data Privacy Tool and the two corresponding services Encryption Proxy and Anonymization.<\/p>\n

In all of the speci\ffications of the functional requirements for the tools we build upon the requirements contained in Deliverable D2.3, and the requirements provided by the Volere tool which was used for requirements elicitation. Then we apply an additional iteration to them by re\ffining them and additionally introducing more \ffine-granular functional requirements.<\/p>\n

Finally, in Section 8, we conclude this deliverable with some \ffinal remarks. Thereby, we also recap the relation of this deliverable to upcoming work in this project, and in particular the relation to other tasks in WP6, WP7 and the exploitation in WP9.<\/p>\n","protected":false},"author":2,"featured_media":1818,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1749"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=1749"}],"version-history":[{"count":4,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1749\/revisions"}],"predecessor-version":[{"id":2632,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1749\/revisions\/2632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/1818"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=1749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=1749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=1749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}