D3.7 Secure Cloud Usage for End Users
UNIL, AIT, UNI PASSAU, ATOS, FCSR, IRT
The PRISMACLOUD services are intended for use by people, companies, and organisa-tions who are rather experts for their own domains than for the complexities of highly distributed cloud applications and services, involving cryptography. The goal of this task (and finally this deliverable) is to communicate to these prospective end users the capabil-ities of the PRISMACLOUD services, and the context and consequences of their use. Based upon this information, sound and sustainable decisions regarding the deployment of storage and processing to the proposed cryptographically secured services shall be ena-bled. The idea is to provide a kind of "handbook" for the services, providing the infor-mation in a way accessible to the intended end users. We use cloud security and privacy patterns to describe the recurring security and privacy problems in the cloud that we ad-dress with the proposed solutions, and the assumptions, prerequisites, and consequences of their practical application.
Our strategy in the project was to closely participate in the development of the services, to monitor and understand the relevant aspects, and transcribe them into a more widely un-derstandable but nevertheless precise representation. We started with a set of nine pat-terns, which we developed in the first project year from the portfolio of the cryptographic technologies of the initial project plan (project proposal), and from initial considerations about security and privacy threats in currently available cloud services that need to be addressed. In the following, we presented our approach and the evolving patterns in sev-eral publications and presentations, e.g. at the ENISA Annual Privacy Forum 2016 in Frankfurt/Main1. In one specific publication, we identified the use of security and privacy patterns as promoter for a more widespread use of cryptography in the cloud.
But the work on the patterns also prove to be very practical within the project itself. We presented the patterns at the recurring project plenary meetings and thus supported the common understanding of the different services among the consortium. During a joint workshop among colleagues, where the four-tier structure of the PRISMACLOUD archi-tecture was developed (in M14), we used the patterns to guide the workshop participants and provide a basis for a common discussion among the experts from several domains. Consequently, we contributed single sections on our pattern approach to deliverables on the PRISMACLOUD architecture and our proper development methodology Crypto-graphic Software Design Life Cycle CryptSDLC (D7.5 and D7.6). Finally, we established the pattern approach as part of the CryptSDLC in a publication, which is probably the first publication of a software development life cycle, explicitly covering the integration of cryptographic engineering.
This document contains the final patterns, as well as considerations of aspects we re-searched while preparing the information for the end users. These parts (in the “context” section) are not yet published research. Other work that is published and available is not repeated in this document (but referenced by citation and internet link in section 2 “Task activity report” on p. 11).