SECURE ENCLAVES FOR REACTIVE CLOUD APPLICATIONS

The Technische Universität Dresden (TUD) is one of eleven German universities that were identified by the German government as a “University of Excellence”. TUD has about 37.000 students and almost 4.400 employees, 520 professors among them, and is the largest university in Saxony today. TUD is strong in research, offering first-rate programmes of overwhelming diversity, with close ties to culture, industry, and society. As a modern full-status university with 14 departments, TUD offers a wide academic range.

The university emphasises interdisciplinary cooperation and encourages its students to participate in both teaching and research. More specifically: interdisciplinary cooperation among various fields is a strength of the TUD, whose researchers also benefit from collaborations with the region’s numerous science institutions - including Fraunhofer institutes and Max Planck institutes.

In recognition of TUDs emphasis on applications in both teaching and research, leading companies have honoured the university with currently fourteen endowed chairs. TUD prides itself for its international flavour and has partnerships with more than 70 universities worldwide. Furthermore, TUD is the only university in East Germany that has been granted a graduate school and a cluster of excellence in Germanys Excellence Initiative. The Systems Engineering group lead by Prof. Fetzer is part of the computer science faculty of TU Dresden. It was established in April 2004 and funded by an endowment by the Heinz-Nixdorf foundation.

The group addresses several research issues in dependable and distributed systems: (i) security and dependability of cloud infrastructures, (ii) fault-tolerant computing in WANs, and (iii) cost-effective resilience. In 2013, the group received two best paper awards: USENIX LISA2013 and ACM DEBS2013. In 2014, Dr. Torvald Riegel who graduated in 2013, received the 2014 EuroSys Roger Needham Award. European Project Center (TUD-EPC): TUD has extensive experience in project coordination and project management at national and international level and is, therefore, well placed to coordinate this project. During the period from 2008 until 2012 scientific staff of TUD participated in over 24,000 contracted projects with a total amount of grants of more than 950 million Euro. A European Project Center (EPC) has been established at TUD to support international project management. The EPC is currently coordinating and managing more than 320 projects with a total project volume amounting to over 133 million Euro granted by the European Commission. At the moment, the EPC is supporting the coordinating professors in FP7 projects like FLEXIBILITY (IP), SYBOSS (IP), and ADDAPT. Furthermore, TUD is currently host to 9 European Research Council (ERC) grantees and a partner in the FET Flagships HBP and GRAPHENE. 

Role in the project

TUD will take the role of project coordinator for SERECA, and they will lead the associated WP6, which deals with management. Hence, TUD fills the Project Coordinator (PC), Project Assistant (PA) and a project management position. TUD will contribute to the architecture of secure enclaves, in particular (a) how to incorporate the existing and announced hardware support (ARM TrustZone and Intel SGX) to improve the practical effectiveness and (b) how to implement a secure data storage using enclaves (WP 1).

Within WP2, which investigates mechanisms to establish a distributed infrastructure based on secure enclaves, TUD will lead the tasks to create a secure distributed coordination service with dynamic migration support, and to enable a distributed and secure deployment together with the establishment of secure communication channels. In WP3, TUD will assist with the development of reusable components for secure reactive cloud applications, based on the Vert.x framework, and geo-local enclave deployment. It will lead the task to provide the recovery of secure application states in the case of failures.

TUD will participate in the evaluation (WP4) and help in the dissemination and exploitation activities (WP5). TUD-EPC supported the development of this proposal and will lead on financial, legal, and administrative issues during the implementation of this project (WP6).

Relevant publications

  • Thomas Knauth, Christof Fetzer. dsync: Efficient Block-wise Synchronization of Multi-Gigabyte Binary Data, In Large Installation and System Administration Conference (LISA), USENIX, 2013. (Best paper award)
  • Rapha¨el Barazzutti, Pascal Felber, Christof Fetzer, Emanuel Onica, Jean-Franc¸ois Pineau, Marcelo Pasin, Etienne Rivi`ere, Stefan Weigert. StreamHub: A Massively Parallel Architecture for High-performance Contentbased Publish/Subscribe, In Proceedings of the 7th ACM International Conference on Distributed Event-based Systems, ACM, 2013. (Best paper award)
  • Stefan Weigert, Matti Hiltunen, Christof Fetzer. Community-based Analysis of Netflow for Early Detection of Security Incidents, In Proceedings of the 25th Large Installation System Administration Conference (LISA’11), USENIX Association, 2011
  • Marc Br¨unink, Martin S¨ußkraut, Christof Fetzer. Boundless Memory Allocations for Memory Safety and High Availability, In Proceedings of The 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2011), IEEE Computer Society, 2011
  • Christof Fetzer, Martin S¨ußkraut. Switchblade: Enforcing Dynamic Personalized System Call Models, In Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, ACM, volume 42, 2008

Relevant experience

TUD successfully participated in several EU-funded projects, including VELOX69, STREAM70, and SRT-1571. Furthermore, TUD is currently participating in the FP7-funded projects LEADS72 and ParaDIME73. While LEADS focuses on scalable distributed systems, ParaDIME is investigating novel techniques for energy efficient cloud infrastructures.

Moreover, the current research focus of Prof. Fetzer and his research group is on security in cloud environments. Prof. Fetzer leads the Resilience Path of the excellence cluster cfAED where cost-effective resilience mechanisms are studied. The ongoing project SREX (Secure Remote EXecution) targets approaches that allow secure execution of an application in non-trusted and potentially malicious environments. Prof. Fetzers group has 10 years of expertise in dependable and distributed systems, event-based communication systems, and cloud computing. This experience and knowledge will be integrated in SERECA to achieve reliability and security of user applications and data processed in cloud-based infrastructures.

Infrastructures

TUD can provide a cluster of 41 homogeneous server machines to run distributed applications. Each server has 8 cores and 8 GB of main memory. The cluster can also be used to simulate the enclaves, the infrastructure and the services, e.g., the migration of deployment of components.

Key personnel

Prof. Dr. Christof Fetzer (M)

Has received his diploma in Computer Science from the University of Kaiserlautern, Germany (Dec. 1992) and his Ph.D. from UC San Diego (March 1997). As a student he received a two-year scholarship from the DAAD and won two best student paper awards (SRDS and DSN). He was a finalist of the 1998 Council of Graduate Schools/UMI distinguished dissertation award and received an IEE mather premium in 1999. Dr. Fetzer joined AT&T Labs-Research in August 1999 and had been a principal member of technical staff until March 2004. Since April 2004 he heads the endowed chair (Heinz-Nixdorf endowment) in Systems Engineering in the Computer Science Department at TU Dresden. He is the chair of the Distributed Systems Engineering International Masters Program at the Computer Science Department. Prof. Dr. Fetzer has published over 150 research papers in the field of dependable distributed systems, has won two best paper awards (DEBS2013, LISA2013) and has been member of DoA: page 50 of 71 Horizon 2020 ICT-7 2014-2015 SERECA more than 40 program committees.

Jons-TobiasWamhoff (M)

Is a research assistant and participated in FP7 ICT projects in the past. His research focus is on parallel architectures and their implications on software developers, e.g., to simplify parallel programming using transactional memory. He graduated as a M.Sc. from Technische Universit¨at Dresden in 2008 and had previously worked for IBM on the information integration into databases.

Diogo Behrens (M)

Is a research assistant at TU Dresden with a research focus on the design of fault tolerance mechanisms for distributed systems. During his studies, he had worked as an intern for IBM and Yahoo! Research. He graduated as a M.Sc. from the Technische Universit¨at Dresden in 2008.

Thordis Kombrink (F)

Is a project coordinator at the chair of Systems Engineering. She moderates project meetings and monitors the project progress following the SCRUM methodology. In addition, she oversees the chair’s finances. Thordis Kombrink is also the faculty’s Erasmus coordinator. She received a diploma in Economics and a masters degree in Business and Economics Education.

Katja Bottcher (F)

has been a project manager at the European Project Center since 2011. Currently, she is responsible for more than 40 projects within the different specific programmes of FP7. Katja B¨ottcher has extensive experiences in managing and coordinating EU-funded research projects, especially in the 7th Framework Programme. Before joining the EPC, she coordinated the FP7 ICT project PICOS and participated in several FP6 and FP7 ICT projects, such as PRIME and PrimeLife.

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011