EPSRC logo

Details of Grant 

EPSRC Reference: EP/J020370/1
Title: CloudFilter: Practical Confinement of Sensitive Data Across Clouds
Principal Investigator: Pietzuch, Professor PR
Other Investigators:
Researcher Co-Investigators:
Project Partners:
Department: Computing
Organisation: Imperial College London
Scheme: Standard Research
Starts: 01 May 2012 Ends: 30 April 2013 Value (£): 135,209
EPSRC Research Topic Classifications:
Computer Sys. & Architecture Information & Knowledge Mgmt
EPSRC Industrial Sector Classifications:
Aerospace, Defence and Marine Information Technologies
Related Grants:
Panel History:
Panel DatePanel NameOutcome
09 Feb 2012 Data Intensive Systems (DaISy) Announced
Summary on Grant Application Form
Cloud computing aims to revolutionise traditional ways of service delivery. It enables companies, research institutions and government organisations to consolidate services in a shared ICT infrastructure supported by cloud providers. This reduces ownership and management costs, allows services to scale on-demand and improves energy efficiency. Security considerations, however, are a practical obstacle for the adoption of cloud computing. Cloud providers consolidate data from multiple services, which may result in wide-spread data disclosure when their security is compromised.

Strong cloud security is hard to achieve because it requires that the cloud platform cannot be compromised by hosted applications and that applications belonging to different cloud tenants are isolated to prevent data leakage. It

is even harder for federated clouds, i.e. when a cloud provider uses another provider for some of its services. This is common in a Software-as-a-Service (SaaS) model, in which a provider offers a high-level service that can be reused by other providers. Both clients and cloud providers have an incentive to control the propagation of sensitive data. Clients are often legally responsible for data protection, and cloud providers want to prevent hosting sensitive data to avoid liability claims after security incidents.

The CloudFilter project explores novel methods for exercising control over sensitive data propagation across multiple cloud providers. The targeted outcome is a practical solution that allows clients and cloud providers to control the sensitivity of data that is transferred across their systems and to prevent user actions that would violate data dissemination policies. Our key idea is to provide application-level proxies that transparently monitor data propagation from clients to cloud providers and between cloud providers. These proxies employ a data labelling scheme inspired by decentralised information flow control (DIFC) models, in which security classes express the sensitivity of transfered data. When crossing domain boundaries, labels are attached to data automatically based on data dissemination policies. Proxies verify labels according to domain policies to detect and prevent unauthorised data propagation between cloud domain domains.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.imperial.ac.uk