Security for Personal Data in the Cloud

The demand for cloud services has never been greater. This brings the issue of data protection to the fore. In the RestAssured project, scientists from the Ruhr Institute for Software Technology paluno at the University of Duisburg-Essen have researched how cloud providers can better protect the personal data of their customers.

Cloud computing is regarded as a key technology for digitization. But when IT services such as software, storage space or computing power are offered in the Internet, data protection is not easy to guarantee. This is because cloud systems are very flexible and networked with each other, as the example of cloud migration illustrates: When many users gather in the mornings for video conferences, the cloud allows peak loads to be cushioned by outsourcing data processing to other data centers. However, according to the General Data Protection Regulation (GDPR), the personal data of EU citizens may not simply be moved outside Europe. How can providers be prevented from inadvertently violating such rules?

In the EU-Horizon2020 project RestAssured*, the paluno working groups of Prof. Maritta Heisel and Prof. Klaus Pohl have developed security mechanisms for data protection in cloud environments together with partners such as IBM, Thales and the University of Southampton. The project was recently completed and the high relevance of the results was confirmed by EU experts.

The special feature of RestAssured solutions is the combination of novel techniques that ensure end-to-end security of data throughout the entire lifecycle. These include hardware enclaves with new encryption technologies that protect even against potential insider attacks from the cloud provider. So-called sticky policies are an additional mechanism. These are data protection rules that are attached to data records and always remain connected to them, even if the data records move on. A special focus of paluno lay on risk analysis and dynamic system adjustments. They enable the systems to react automatically to changing data protection risks. Some of these mechanisms quickly found their way into practice (e.g. the encryption "Parquet Modular Encryption" for the storage format Apache Parquet). Furthermore, tools are being developed on the basis of the RestAssured solutions, that will help small and medium-sized companies without an own IT security department to secure their cloud services.

Further information:

*RestAssured was funded by the EU with almost 5 million euros from 2017 to 2019; around 650,000 euros went to the UDE. The software technology institute paluno was technical coordinator of RestAssured and responsible for the architecture of the overall project.

Prof. Dr. Maritta Heisel, Dr. Zoltán Mann

Selected Publications:

Nazila Gol Mohammadi, Ludger Goeke, Maritta Heisel, Mike Surridge: Systematic Risk Assessment of Cloud Computing Systems using a Combined Model-based Approach.Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-423-7, pages 53-66. DOI: 10.5220/0009342700530066, 2020

Florian Kunz, Zoltán Ádám Mann: Finding risk patterns in cloud system models. Proceedings of the IEEE 12th International Conference on Cloud Computing (IEEE CLOUD), pp. 251-255, 2019

Nazila Gol Mohammadi, Zoltán Ádám Mann, Andreas Metzger, Maritta Heisel, James Greig: Towards an end-to-end architecture for run-time data protection in the cloud.Proceedings of the 44th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 514-518, 2018

Zoltán Ádám Mann, Andreas Metzger: Optimized Cloud Deployment of Multi-tenant Software Considering Data Protection Concerns. Proceedings of theIEEE/ACM 17th International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 609-618, 2017

