Titel
Accueil
Navigation principale
Contenu
Recherche
Aide
Fonte
Standard
Gras
Identifiant
Interrompre la session?
Une session sous le nom de
InternetUser
est en cours.
Souhaitez-vous vraiment vous déconnecter?
Interrompre la session?
Une session sous le nom de
InternetUser
est en cours.
Souhaitez-vous vraiment vous déconnecter?
Accueil
Plus de données
Partenaires
Aide
Mentions légales
D
F
E
La recherche est en cours.
Interrompre la recherche
Recherche de projets
Projet actuel
Projets récents
Graphiques
Identifiant
Titel
Titel
Unité de recherche
SEFRI
Numéro de projet
15.0278-1
Titre du projet
Secure Big Data Processing in Untrusted Clouds
Données de base
Textes
Participants
Titel
Textes relatifs à ce projet
Allemand
Français
Italien
Anglais
Résumé des résultats (Abstract)
-
-
-
Textes saisis
Catégorie
Texte
Résumé des résultats (Abstract)
(Anglais)
SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. Data at rest or in transit on the network is already nowadays protected by encryption. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs like Intel's Secure Guard Extensions (SGX). By the help of these hardware extensions, we reduce the trusted computing base dramatically by excluding from it the millions of lines of source code of the cloud stack, operating systems and hypervisor. This permits us to ensure the confidentiality of computations even if the computers are under a different administrative control (like a cloud provider) or there is no physical security of the computers. Moreover, we ensure the confidentiality even if attackers would take control of the cloud stack, the hypervisor or the operating systems. As long as the hardware extensions of the CPU can be trusted, we can ensure the confidentiality of the computations. \nSecureCloud focuses on ensuring the confidential and dependable processing of Big Data. To keep the trusted computing base small, we use the concept of microservices: only the application logic that processes data (e.g., operators) is protected while all functionality that, e.g., shuffles and stores encrypted data is outside the trusted computing base. By monitoring the microservices, we can restart services that run on compromised hosts. We will evaluate and demonstrate our approach in the context of smart grids. In this use case context, we need to run across a physically distributed computing infrastructure with no or little physical security and partly untrusted administrators. We need to process large volumes of data and this big data processing would benefit by partial offloading into the cloud. In SecureCloud, we will show how to do this in a secure fashion even if clouds are untrusted.
SEFRI
- Einsteinstrasse 2 - 3003 Berne -
Mentions légales