| EPSRC Reference: |
EP/J020370/1 |
| Title: |
CloudFilter: Practical Confinement of Sensitive Data Across Clouds |
| Principal Investigator: |
Pietzuch, Professor PR |
| Other Investigators: |
|
| Researcher Co-Investigators: |
|
| Project Partners: |
|
| Department: |
Computing |
| Organisation: |
Imperial College London |
| Scheme: |
Standard Research |
| Starts: |
01 May 2012 |
Ends: |
30 April 2013 |
Value (£): |
135,209
|
| EPSRC Research Topic Classifications: |
| Computer Sys. & Architecture |
Information & Knowledge Mgmt |
|
| EPSRC Industrial Sector Classifications: |
| Aerospace, Defence and Marine |
Information Technologies |
|
| Related Grants: |
|
| Panel History: |
| Panel Date | Panel Name | Outcome |
|
09 Feb 2012
|
Data Intensive Systems (DaISy)
|
Announced
|
|
|
Summary on Grant Application Form |
Cloud computing aims to revolutionise traditional ways of service delivery. It enables companies, research institutions and government organisations to consolidate services in a shared ICT infrastructure supported by cloud providers. This reduces ownership and management costs, allows services to scale on-demand and improves energy efficiency. Security considerations, however, are a practical obstacle for the adoption of cloud computing. Cloud providers consolidate data from multiple services, which may result in wide-spread data disclosure when their security is compromised.
Strong cloud security is hard to achieve because it requires that the cloud platform cannot be compromised by hosted applications and that applications belonging to different cloud tenants are isolated to prevent data leakage. It
is even harder for federated clouds, i.e. when a cloud provider uses another provider for some of its services. This is common in a Software-as-a-Service (SaaS) model, in which a provider offers a high-level service that can be reused by other providers. Both clients and cloud providers have an incentive to control the propagation of sensitive data. Clients are often legally responsible for data protection, and cloud providers want to prevent hosting sensitive data to avoid liability claims after security incidents.
The CloudFilter project explores novel methods for exercising control over sensitive data propagation across multiple cloud providers. The targeted outcome is a practical solution that allows clients and cloud providers to control the sensitivity of data that is transferred across their systems and to prevent user actions that would violate data dissemination policies. Our key idea is to provide application-level proxies that transparently monitor data propagation from clients to cloud providers and between cloud providers. These proxies employ a data labelling scheme inspired by decentralised information flow control (DIFC) models, in which security classes express the sensitivity of transfered data. When crossing domain boundaries, labels are attached to data automatically based on data dissemination policies. Proxies verify labels according to domain policies to detect and prevent unauthorised data propagation between cloud domain domains.
|
|
Key Findings |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Potential use in non-academic contexts |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
|
Impacts |
|
| Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
| Summary |
|
| Date Materialised |
|
|
|
|
Sectors submitted by the Researcher |
|
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
| Project URL: |
|
| Further Information: |
|
| Organisation Website: |
http://www.imperial.ac.uk |