Interview by Katherina Eleftheriou
Connected ‘things’ – everything from hospital beds, train tracks, cars, buildings and more – are generating massive amounts of data that can be analyzed to provide quick, actionable insights. But before this can happen the data needs to be collected in the cloud where advanced algorithms can detect patterns to predict, for example, when the hospital bed will be available or when the train tracks will require repairs.
The security of this data is of the utmost importance, which is why many organizations are so focused on building trust and security into the cloud.
IBM’s Zurich Research lab is one of the TREDISEC partners. I recently sat down with one of the lead scientists on the project, Alessandro Sorniotti, to discuss the upcoming challenges of this ambitious open source project and its impact on security and efficiency in tomorrow’s cloud.
Q. Please give us an overview of the project.
Alessandro Sorniotti (AS): The scope of the project is security in cloud, with a focus on outsourcing. We are taking a holistic approach, which we hope will allow us to study the problem in its entirety and discover security gaps that are currently hidden.
For example, if you take a single problem like “I don’t trust the cloud provider, therefore I need to encrypt my data” or “I would like to use the storage system as efficiently as possible, so I compress and deduplicate data and I do it with the best and fastest algorithms”. Both of these singular problems are solvable and have been solved. But if you combine them together the problem becomes exponentially more difficult because it becomes the proverbial blanket that doesn’t cover everything.
When we wrote the proposal we tried to be bold and consider all of the aspects, which is a system that needs to be used by multiple users who do not trust one another, to allow for data outsourcing, encrypted to use the storage system in an efficient way.
[Image: Sorniotti focuses on keeping clouds secure]
Q. How hard is it to prevent users from tapping into someone else’s data?
AS: It depends on the security model and it depends on the degree of access you give to the users.
If the interface with the server is rather restrictive, maintaining control is fairly easy. But if you want to give a wider degree of access, for example, access to the bare metal server like IBM Softlayer offers, where you outsource not only storage but also computation, the problem becomes harder. It’s like giving the keys of your house to a curious stranger and then trusting them to stay in the kitchen all day.
Q. What is the aim of this project, considering it’s a European open-source project?
AS: We want to develop the mechanisms and the protocols and then see if they can be applied to proprietary as well as open-source solutions. We also want to help make any system multi-tenant ready so it can accept requests from different users — without any fear of compromise.
Another interesting facet of this project is that it combines different aspects of security. For example, my colleague Angelo De Caro is a cryptographer and Matthias Neugschwandtner is a “White-Hat-Hacker”. They have complementary skills: one looks at the cryptographic aspects of the problems, solutions and the protocols and the other one looks at the security of its implementation and possible vulnerabilities.
At the end of the day the system is as strong as its weakest link, so the problem must be analysed and understood from both standpoints.
Q. So what’s the first demonstration that this could work? Do you have a milestone, where you are going to test this in a data-center with a client?
AS: We’re working with a good set of use-case partners including cloud service providers from both Greece and Spain where we will test some of our work. This should give us a good platform for testing and improving.
At this point we are making good progress and will have more to report in the coming months.
Follow updates on the project @TREDISECproject
The project has received funding from the European Commission under the Information and Communication Technologies (ICT) theme of the Horizon 2020 framework programme (H2020-ICT-2014-1). The project started in April 2015, coordinated by Atos with partners NEC Europe (United Kingdom), IBM Research (Switzerland), Eurecom (France), Arsys (Spain), GRNET (Greece), SAP (Germany) and Morpho (France). More information about the project is available at www.tredisec.eu.