The SERECA project aims at removing barriers to the migration to cloud environments. Through the usage of secure commodity CPU hardware, SERECA provides unprecedented security mechanisms able to guarantee protection of sensitive data even against malicious cloud providers. The advantages coming from the SERECA platform adoption may allow the migration to the cloud even in contexts where the Integrity and/or the Confidentiality of data is crucial.

Here some example scenarios are reported in a "storytelling" approach, using fictitious characters to convey the main focus of the real challenges that potential cloud users have to address. The idea is to define where and how the SERECA platform can help in the process of migration to the cloud.


Scenario 1 - Public Administration

Anna is the head of the office in charge of filing applications – from citizens and enterprises – for construction authorization at the Municipality of a little town in Italy that is a top tourist attraction. Anna’s staff gathers documents from applicants (both paper-based and paperless), extracts relevant information, feeds it to the information system of the municipality, and interfaces with offices and employees (of the municipality and possibly of other PA organisations) as well as with the public. Anna knows that her office handles sensitive data of a potentially high economic value, and she is aware that in case of a security breach, regardless of the root cause, she would ultimately be liable for the consequences. This situation makes Anna feel very uncomfortable. She knows that her direct collaborators are honest people and conscientious workers, who would never expose sensitive information as a result of bribery or sloppiness. However, Anna understands that her office has control only over the first stages of the information flow, since data is handed over to an external IT company for further processing and storage. Anna does not even know the personnel of the company, and thus she has no particular reason to trust them. Of course she knows that the Procurement Office of the Municipality has very high standards for selecting its providers, but still she has no direct trust relationship with them. Anna is not a cyber-security expert, but she feels this arrangement is not 100% secure. She talks to her husband, Carlo, who is an engineer with 20+ years of experience in the IT sector. Carlo confirms to Anna that her intuition is correct: the possibility that an employee of the external IT company who has super-user privileges accesses sensitive information (violation of confidentiality) and possibly modifies it (violation of integrity) is real. Carlo also explains to Anna that this is a major limitation of the current state of the art of IT technology.
This makes Anna very unhappy, since she now understands that this is an inherent risk of the current offerings and thus careful selection of the IT provider does not help much. She starts browsing the Internet, and she learns about a project called SERECA that is building an innovative and truly secure cloud offering on top of the new CPU technology provided by Intel (namely: SGX). Anna gets very excited about the advantages brought about by SERECA. First, the secure execution environment (called Secure Container) provided by SERECA would protect data from unauthorized access, including attacks by the super user. This would solve the issue of malicious personnel at the IT company, which scares her. Second, the SERECA secure communication mechanism (called Secure Bus) would protect data during transfers. Third, the SERECA development tools (called Partitioning Tools) would enable easy porting of applications – including legacy ones – and ultimately enable seamless migration to the new platform. Fourth, an infrastructural service (called Secure Coordination Service) would enable the secured applications to run on a distributed platform, for better reliability and performance. Fifth, one of the partners of the SERECA consortium will go to market with a commercial offering that makes the underlying hardware needed by SERECA readily available. The offering is a Metal as a Service (MaaS) formula with advanced data locality features. In particular, it allows the cloud user to enforce specific limitations on where data is to be stored. This is a fundamental prerequisite for complying with Italian regulations for the Public Administration. In conclusion, it really seems that SERECA provides all the key features that Anna needs for ensuring efficient operation of the office she is in charge of.

Scenario 2 - Critical Infrastructure Operator

Marco – the manager of an Italian water distribution infrastructure operator – is responsible for the management of the monitoring infrastructure needed to supervise a wide pipe network and multiple dams. He is aware that the adopted monitoring platform is not enough to ensure control of the overall infrastructure. He knows that criminal activities or natural phenomena may compromise the integrity of the distribution infrastructure, resulting in a devastating impact on the nearby population. He was a child (in 1963) when the Vajont disaster happened: a massive landslide caused a megatsunami in the lake, in which 50 million cubic metres of water overtopped the dam in a 250-metre wave. For this reason, he is determined to provide a continuous and advanced monitoring system able to detect anomalous situations at any time.

Marco’s idea is to have a monitoring system able to provide operators with graphs of sensor measurements over a specific time range, to signal alarm conditions, or simply to allow real-time monitoring. After some bureaucratic procedures Marco decides to put his idea into effect: he starts looking for the technological solutions currently available. In the end, after a few meetings with some IT companies, he realizes that the market offers a number of technologically advanced solutions, but many of these require an IT infrastructure that is too expensive in terms of set-up and maintenance. To overcome this issue, Marco decides to proceed with an offer proposed by one of those IT companies that leverages cloud technology. However, he discovers that there is one significant drawback to cloud usage, namely the security risk for the outsourced data. Marco knows that the integrity of its data is fundamental to his company. He then speaks with a cyber-security consultant, who tells him that nothing can eliminate the risk that a malicious cloud employee may modify particularly sensitive measurements. Marco immediately thinks of the turbidity measurement: “What if a terrorist poisons the water and, in agreement with a cloud company employee, hides the variation in turbidity from the operators in charge of managing the monitoring system? A tragedy!”

Fortunately, after some months, an innovative solution comes out. Browsing the Internet, Marco learns about SERECA, which leverages a new CPU extension provided by Intel (namely: SGX) that makes it possible to protect sensitive data even against super-privileged users. Marco understands that SERECA fits his company’s needs. In fact, first, the secure execution environment (called Secure Container) provided by SERECA will provide guarantees on data integrity against attacks by malicious cloud employees. Second, the secure communication mechanism (called Secure Bus) will protect the transfer of sensor measurements from the dams and the pipes to the cloud platform. Third, an infrastructural service (called Secure Coordination Service) will enable the secured applications to run on a distributed platform, for better reliability and performance. Fourth, the data locality features offered by the SERECA Metal as a Service (MaaS) formula make it possible to comply with the Italian regulations for the Public Administration (PA) (in Italy water distribution operators are considered public administrations by law). Since the different features provided by SERECA meet Marco’s company’s needs, he decides to adopt the SERECA platform.

Scenario 3 - eHealth

Aceline is a 45-year-old university professor who lives in Paris, where she teaches sociology. She was diagnosed with heart failure more than 15 years ago, while her 6-year-old daughter Carine has had type 1 diabetes since she was born. Being a chronic patient, Aceline has learnt how to live with her disease and to manage her daughter’s health too, undertaking routine tasks such as periodically measuring vital signs (e.g., blood pressure), taking medicines, or performing glucose measurements and insulin injections for her daughter. While travelling by car to a conference in Lyon with her husband and her daughter, they have a fairly serious car accident. In accidents, any information regarding the medical history of the injured can be critical. This is the case for Aceline and Carine, who may be at risk due to their illnesses, so their data are retrieved from the EHR databases of their respective medical institutions.

On discharge, given Aceline’s risky heart condition, the hospital in Lyon equips her with a tele-monitoring kit for remotely monitoring her condition, so that she does not have to cancel the vacation in Barcelona that she and her family had already booked. The kit includes medical devices and a gateway which sends the measured vital signs to the Service Center in Lyon that supports patients remotely. In case of emergency, she will be called back to the hospital for further investigations and exams.

Aceline truly appreciates all of this. She understands that these advanced ehealth services dramatically improve the quality of her life, as well as Carine’s. However, she knows that the total current healthcare expenditure (both in relative and absolute terms) varies significantly among the EU Member States[1]. Being a sociologist, she is well aware of the potential inequality of treatment that may result from this situation. Aceline decides to talk to Louise, the hospital CIO, to gain more insight into the main obstacles – from a technical perspective – to the widespread take-up of advanced ehealth services. Aceline learns that the ehealth system is based on a complex federated structure, with challenging security requirements in terms of data distribution, storage, and access. Louise thinks that the only possibility to really cut down costs would be moving from traditional IT solutions to a cloud-based setup. Unfortunately, current cloud offerings do not satisfy the requirements of EU regulation on medical data in terms of data protection. In a nutshell, loss of control over sensitive data – which are sent to an untrusted third party – makes current cloud technology unusable for ehealth applications. Louise also mentions that she has recently heard of a research project called SERECA that is developing an innovative cloud platform that exploits the new SGX technology by Intel. She was worried about porting legacy medical software to SGX technology, but she was relieved to learn that, thanks to the SERECA partitioning tool and to the SERECA containers, such a porting would be seamless. Moving health applications to the cloud while ensuring both confidentiality and integrity of data, even in the case of malicious cloud providers, would make it possible to keep the existing interfaces, thus ultimately preserving operators’ and patients’ user experience.
Secure access to remote data would be guaranteed by the SERECA coordination service, thus allowing data to be stored close to the source and to be controlled by the owner. The remote attestation service and the improved vert.x features would guarantee security even when data is accessed through telecare kits, since these would be verified remotely before each interaction, thus preventing possible manipulation of the appliance. Louise is very excited about SERECA, since it really seems to have all the key features that she needs, and that are not available in current state-of-the-art cloud offerings.
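The "verified remotely before each interaction" property above is what a challenge-response attestation check gives the Service Center. The following is an added illustration, not code from the SERECA project: the Service Center issues a fresh nonce, the telecare gateway answers with a report binding that nonce to a measurement (hash) of the software it runs, and the verifier accepts only if the report is authentic, fresh and on the allow-list. An HMAC over a constructed shared key stands in for the hardware-signed SGX quote and its verification against Intel's attestation service, so the example runs offline; the key, the allow-list and the report format are all assumptions.

```python
"""Simplified challenge-response attestation of a telecare gateway.

Added illustration (not SERECA code). HMAC replaces the hardware quote
signature; the key, allow-list and message layout are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

# Constructed: measurement of the approved gateway software and the
# key the Service Center uses to check report authenticity.
KNOWN_GOOD_MEASUREMENTS = {
    "sha256:" + hashlib.sha256(b"approved-gateway-v1").hexdigest()
}
VERIFICATION_KEY = b"constructed-shared-key-for-illustration"


def canonical(body: dict) -> bytes:
    """Deterministic encoding so prover and verifier MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class ServiceCenter:
    """Verifier side: issues single-use nonces and checks reports."""

    def __init__(self, key: bytes, allowed: set[str]) -> None:
        self._key = key
        self._allowed = allowed
        self._outstanding: set[str] = set()  # issued, not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, report: dict) -> tuple[bool, str]:
        body = report.get("body", {})
        nonce = body.get("nonce")
        # 1. Freshness: reject unknown or already-used nonces (blocks replay).
        if nonce not in self._outstanding:
            return False, "stale or unknown nonce"
        # 2. Authenticity: MAC over the canonical body must verify.
        expected = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report.get("mac", "")):
            return False, "bad signature"
        # 3. Identity: measurement must match approved software
        #    (a modified appliance produces a different hash).
        if body.get("measurement") not in self._allowed:
            return False, "unknown measurement"
        self._outstanding.discard(nonce)  # nonce is single use
        return True, "ok"


def gateway_attest(software: bytes, nonce: str, key: bytes) -> dict:
    """Prover side: a gateway running `software` answers a challenge."""
    body = {
        "measurement": "sha256:" + hashlib.sha256(software).hexdigest(),
        "nonce": nonce,
    }
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def run_scenarios() -> dict:
    """Exercise the verifier against a genuine, replayed, tampered and forged report."""
    sc = ServiceCenter(VERIFICATION_KEY, KNOWN_GOOD_MEASUREMENTS)
    results = {}
    # Genuine kit answering a fresh challenge: accepted.
    n = sc.challenge()
    good = gateway_attest(b"approved-gateway-v1", n, VERIFICATION_KEY)
    results["genuine"] = sc.verify(good)
    # Same report presented again: rejected, the nonce was consumed.
    results["replay"] = sc.verify(good)
    # Modified appliance software: valid MAC but unknown measurement.
    n = sc.challenge()
    tampered = gateway_attest(b"approved-gateway-v1-modified", n, VERIFICATION_KEY)
    results["tampered"] = sc.verify(tampered)
    # Report produced without the verification key: rejected at the MAC check.
    n = sc.challenge()
    forged = gateway_attest(b"approved-gateway-v1", n, b"wrong-key")
    results["forged"] = sc.verify(forged)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:9s} -> {'accepted' if ok else 'rejected'} ({reason})")
```

The order of the checks matters for the defender: freshness is tested first so that a replayed report is discarded before any cryptographic work, and the measurement allow-list is consulted only once the report is known to be authentic.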


[1] In 2012, the share of current healthcare expenditure exceeded 10.0 % of gross domestic product (GDP) in six EU Member States (the Netherlands, France, Belgium, Germany, Denmark and Austria), which was almost double the share of current healthcare expenditure relative to GDP recorded in Latvia, Estonia and Romania (6.0 % or less). Source: http://ec.europa.eu/eurostat/statistics-explained/index.php/Healthcare_statistics


Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011