|Mission statement||Returning Data Control to Users|
|Type of project||Research project|
|Products||Suite of novel security tools, techniques and capabilities|
|Key people||Ryan Ko, Richard Nelson, Geoff Holmes|
|Budget||$12,223,770 funded by Ministry of Business, Innovation, and Employment (MBIE)|
Security Technologies Returning Accountability, Trust and User-centric Services in the Cloud (STRATUS) will create a suite of novel security tools, techniques and capabilities which return control of data to Cloud computing users. The aim is to empower users to control the security of their data in the Cloud and to give companies tools and services to sell.
STRATUS is executed by a team of leading Cloud security researchers and practitioners from the University of Waikato, the University of Auckland, Unitec Institute of Technology and the Cloud Security Alliance.
There are four Research Aims under the umbrella of STRATUS, comprising eight research projects.
Research Aim 1 - Transparency and Auditability of Data Activities in Clouds (RA1)
The aim is to address issues of users being unaware of what is happening to their data and who is responsible for these actions while data is in the cloud. Currently, cloud users have to trust cloud providers to store and process their data without breaching any privacy and security concerns. Cloud users are also often unaware if cloud providers follow best practices of international standards and guidelines.
Potential Benefits and Outcomes
STRATUS will enable cloud users to trace and reconstruct data provenance, i.e. "what's happened to their data" behind the scenes. Technologies enabling cloud users and other cloud stakeholders to keep track of the provenance (i.e. derivation history) of their data will be built, enabling them to know if malicious insiders have accessed their data, or whether the users have leaked their important data to foreign systems. They will be able to see exactly what happened to their data, who performed what actions, and when and where it happened. This provenance can be used for security audit, forensics, and data analysis.
STRATUS also covers the crucial governance aspects of cloud data and links technical implementations with auditing and compliance guidelines, standards, or regulations (e.g. CSA CCM, ISO27001, and PCI DSS). From the global security perspective, STRATUS will address the difficulty in tracking criminals who use evasion and encryption techniques to mask their digital trails and activities.
- Cloud providers, including public and private cloud providers that offer SaaS, PaaS, or IaaS models
- Cloud users that process and/or store data in the cloud
- Mobile users
- Companies applying Bring-Your-Own-Device (BYOD) policies
- Law enforcers and cyber crime investigators
- IT Auditors
Projects in RA1
Project 1: Tracking and Reconstruction of Data Provenance
Project 2: Data Governance and Accountability in Clouds
Research Aim 2 - Protection of Privacy of Data During Processing and Storing (RA2)
Cloud computing is an emerging paradigm offering companies (virtually) unlimited data storage and computation at attractive costs. Despite its benefits, it introduces new challenges for ensuring data confidentiality. Sensitive data such as medical records and images, business or governmental data cannot be stored unencrypted in the cloud. State-of-the-art encryption techniques can ensure data confidentiality but do not allow complex operations over encrypted data in multi-user settings, where data is shared among multiple users who may join or leave the organization.
More specifically, existing proposals require re-encryption of shared data when existing users leave the organization due to the lack of scalability in key management. Thus, it is a challenging problem to come up with a multi-user searchable encryption scheme that has scalable key management (where each user has her own key) with easy revocation, which is efficient in terms of executing operations as well as secure in a sense that the cloud server should not be able to infer sensitive information (even from any statistical analysis). In this project, to fill the gap, we propose a solution to solve this challenging problem.
STRATUS will ensure security and efficiency of outsourced data and images. It will enable the execution of complex operations over encrypted data and images in such a way that cloud servers can efficiently perform operations without learning about actual information.
Furthermore, STRATUS allows multiple users to read and write the data without sharing any secret key. That is, each authorized user can be added and revoked at any time without re-encrypting existing data that is already shared.
- Cloud providers
- Cloud consumers that process or restore data in a cloud
- Small-to-medium enterprises
- Healthcare providers
- Law enforcement
Projects in RA2
Project 3: Secure Information Retrieval/Encrypted Search
Project 4: Efficient Privacy and Utility Preserving Encryption
Research Aim 3 - Awareness and Response to Anomalous Data Activities (RA3)
This RA addresses the problem of recognizing potential cloud security breaches and alerting affected users as soon as possible. This will enable cloud users and administrators to be better informed about events that should concern them in a way that is user friendly and easy to comprehend. This RA will also provide the ability to react to these events, by identifying the source of the vulnerabilities and allowing data access to be revoked if necessary.
Potential benefits and outcomes
The main expected outcome is a system that allows cloud users and administrators to explore the history of activities involving their cloud data and have significant events highlighted for them. The system will also enable cloud users to be immediately notified about any events that affect them or their data. The system can also be used to provide visibility into relevant aspects of the cloud infrastructure, which could help cloud administrators find and react to potential breaches before the system is compromised.
The benefits from this system are that all cloud stakeholders can achieve better awareness of what is happening to the cloud and their data within it. Administrators can feel confident that important issues will be brought to their attention without having to go looking for them. Users can feel secure knowing that there is a monitoring system in place that will alert them immediately should a security issue arise.
- Cloud providers, both public and private.
- Cloud administrators who require more visibility into the behavior of their cloud.
- Cloud users that process and/or store data in the cloud, be they Government, private business or individual.
- IT auditors.
Projects in RA3
Project 5: Real-time Situational Awareness
Project 6: Effective Cloud Vulnerability Scanning
Project 7: Attribution and Revocation Actions
Research Aim 4 - Resiliency and Recovery of Data (RA4)
Data loss and service unavailability caused by unforeseeable disasters are critical issues faced by all ICT companies. These disasters include hardware failure, negligent operations as well as malicious intrusions.
Our research aims to provide a comprehensive solution enabling high data availability and service continuity. We are looking at data and service resilience even in extreme situations, such as the failure of a whole datacenter.
Potential benefits and outcomes
Our research activities are highly aligned to industrial requirements and trends. We intend to provide open source and community-based alternatives to expensive commercial products for cloud backup and replication.
Our breakthrough technique is rRVM. rRVM supports real-time disaster recovery via reverse replication of virtual machines (RVM). The system simultaneously enables high recovery consistency and low response latency for real-time fault tolerance systems.
The prototype of rRVM has been developed, and a research paper on rRVM has been submitted to a top-level conference.
- Public cloud provider
- Companies using public cloud
- Companies owning private cloud
Projects in RA4
Project 8: Rapid Disaster Recovery Infrastructure