SECURE ENCLAVES FOR REACTIVE CLOUD APPLICATIONS

Consistently rated among the world’s best universities, Imperial College London has a reputation for excellence in research that attracts 14,000 students and 6,000 staff of the highest international quality. The Department of Computing is a leading research unit with an outstanding reputation in computer science and related interdisciplinary activities, and a long track record of funding through EC Framework Programmes. Imperial College London achieved excellent results in the most recent UK Research Assessment Exercise (RAE) and ranks second in the UK Computer Science league table by “research power”, a measure that combines both quality and quantity of research.

Role in the project

IMP will lead WP2 (Mechanisms for distributed secure enclaves) based on their track record in distributed systems, cloud computing, and middleware research. They will play a major role in WP1 and WP3: in WP1, IMP will contribute to the design of the overall architecture of the SERECA cloud platform and offer expertise when designing OS abstractions for secure enclaves; in WP3, IMP will act as a task leader for the work that produces an ecosystem of reusable secure services for building secure reactive applications and the algorithmic work on the policy-compliant and geo-aware placement of secure computation and data across multiple sites. Along with the other partners, IMP will integrate their work as part of the validation activities in WP4.

Relevant publications

  • Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, and Peter Pietzuch. High-Performance Event Processing with Information Security, USENIX Annual Technical Conference (USENIX ATC’10), 2010
  • Jean Bacon, David Evans, David M. Eyers, Matteo Migliavacca, Peter Pietzuch, and Brian Shand. Enforcing End-to-end Application Security in the Cloud, 11th ACM/IFIP/USENIX International Middleware Conference (Middleware’10), 2010
  • Ioannis Papagiannis, Matteo Migliavacca and Peter Pietzuch. PHP Aspis: Using Partial Taint Tracking To Protect Against Injection Attacks, 2nd USENIX Conference on Web Application Development (WebApps’11), 2011
  • ChenxiWang, A. Carzaniga, D. Evans; A. L.Wolf. Security issues and requirements for Internet-scale publishsubscribe systems, Proceedings of the 35th Annual Hawaii International Conference on Systems Sciences (HICSS’02), 2002
  • N. Arshad, D. Heimbigner, A. L. Wolf. Deployment and dynamic reconfiguration planning for distributed software systems, Software Quality Journal, vol. 15, no. 3, 2007

Relevant experience

Imperial College London has a distinguished track record of world-class research in critical areas of relevance to SERECA: security, distributed systems, software systems, middleware, cloud computing, networking, and software engineering. These areas represent the work of more than 15 academic staff and 75 researchers, contributing to seminal work in architectural- and component-based software design, distributed middleware, Internetscale communication services, high-performance messaging, data-centric security, data-center networking, resource allocation in distributed systems, and architectures for cloud computing applications. The IMP key personnel maintain substantive collaborations with, among others, BAE, Cisco, Detica, Google, HP, IBM, Microsoft, Morgan Stanley, Nexor, Orange Labs/France Telecom, and the UK National Health Service.

Infrastructures

IMP will contribute the shared usage of a substantial private cloud test-bed to the project that is hosted at the Department of Computing. It consists of the following hardware (valued at over EUR 150,000):

  • 3 x Dell PowerEdge C6220 compute servers, providing 12 virtualisation hosts. Each node contains two Intel Xeon E5-2690 8-core 2.9 GHz processors, 128 GB of RAM and two 1 TB hard drives.
  • 2 x Dell PowerEdge R720. Each server has two Intel Xeon E5-2640 2.50 GHz six-core 2.5 Ghz processors, 64 GB of RAM, two 300 GB hard drives and 24 1 TB hard-drives.
  • 2 x Dell PowerEdge R720. Each server has two Intel Xeon E5-2640 2.50 GHz six-core 2.5 Ghz processors, 64 GB of RAM, two 300 GB hard drives and 24 1 TB hard-drives
  • 1 x NetApp NetApp F2240A-2 dual-controller filer with a raw storage capacity of 60 TB.

Key personnel

Dr. Peter Pietzuch (M) (Senior Lecturer in Computing).

Dr. Pietzuch heads the Large-Scale Distributed Systems (LSDS) research group, investigating new abstractions and infrastructures for building scalable, reliable, and secure distributed applications. His work bridges the areas of distributed systems, security, networking, and database research. He currently is the PI on two nationally-funded projects, CloudSafetyNet (on data-centric security mechanisms for cloud computing), and Network-as-a-Service (on new architectures for data centre networking). He has published over sixty articles in international, highly competitive, peer-reviewed venues, including USENIX ATC, NSDI, SIGMOD, VLDB, ICDE, ICDCS, DEBS, and Middleware. He serves as a Steering Committee member of the ACM Conference on Distributed Event-based Systems (DEBS) and was a Programme Chair for DEBS 2013. Before joining Imperial College London, he was a Post-Doctoral Fellow at Harvard University.

Prof. Alexander Wolf (M) (Chair in Computing)

Prof. Wolf heads the Experimental Software Systems research group and served as head of the Distributed Software Engineering research section. Currently he acts as coordinator on the FP7 HARNESS project on heterogeneity in cloud computing. He previously held an Endowed Chair at the University of Colorado at Boulder, where he coordinated several multi-million-dollar DARPA and AFRL projects. He has published in the areas of software engineering, distributed systems, and networking (Hirsch index: 44), in venues that include ICSE, SIGCOMM, PODC, Middleware, and SIGMOD, and the journals TOCS, TOSEM, TOPLAS, TSE, and TKDE. He is known for his seminal work in software architecture, distributed publish/subscribe communication, and content-based networking. Prof. Wolf is a Fellow of the ACM, the IEEE, and the BCS.

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011