ESCUDO-CLOUD produces innovation on a wide front: it provides advanced and novel technical solutions and software tools (which enjoy practical applicability, compatibility, and integrability with current technologies) for empowering data owners to fully enjoy cloud services while maintaining control over their data.
The main innovative results of the project are therefore a family of modular techniques and associated software implementations, which form the ESCUDO-CLOUD middleware and can be independently or jointly deployed in different scenarios and environments.
The innovative techniques developed by ESCUDO-CLOUD address the following aspects:
- Comprehensive cloud requirements analysis: a concise set of common requirements built from real-world scenarios that can be used as a template on which to frame security decisions for cloud services.
- Data protection at rest: analysis of the characteristics of existing solutions for protecting data in the cloud and their realization in cloud platforms (OpenStack).
- Object storage integrity and consistency: techniques guaranteeing data integrity and consistency in multi-user cloud services, in scenarios where the cloud provider is not trusted.
- Over-encryption in Swift: solutions enabling convenient management of encryption for objects stored in the cloud and supporting the enforcement of dynamic access control policies in the OpenStack Swift platform.
- Mix&Slice: efficient solution for supporting access revocation on resources stored at external cloud providers.
- Query on encrypted data: efficient solution based on an OPE protocol and client-side encryption for supporting queries over encrypted data.
- Selective sharing: novel solution based on an oblivious OPE protocol and secure multiparty computation for supporting selective sharing among multiple users.
- Query integrity: novel probabilistic techniques for efficiently verifying the integrity of approximate joins, many-to-many joins, and joins among more than two tables.
- Access privacy: effective and efficient solutions guaranteeing confidentiality of access, with support for range queries and access control restrictions, and also operating in distributed settings.
- Multi/Federated cloud architecture: Data Protection as a Service (DPaaS) paradigm supporting users in storing and sharing data in a multi-cloud environment without putting their trust in the cloud providers.