TClouds is proud to publish a collection of 15 fact sheets containing high-level descriptions of technology components, prototypes, and use cases developed within the TClouds project. These fact sheets explain the advantages of TClouds technology in an easily accessible way.

Link to TClouds Fact Sheets

 

The new leaflet is available.

 

Take a look on it here: TCLOUDS LEAFLET

 

Christian Cachin and I published an overview on trusted clouds at IEEE Spektrum:

Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing's problems—data breaches, leaks, service outages—don't obscure its virtues, IEEE Spektrum, December 2011, pp 28-51.

Read it online at
http://spectrum.ieee.org/computing/networks/a-cloud-you-can-trust/0

There are many reports on the Internet about cloud outage that caused massive losses to both providers and companies hosting their applications there (see here for the 10 worst according to Infoworld). One of the key concepts that TClouds is exploring is the use of multiple commodity clouds to form a cloud-of-clouds able to tolerate a large spectrum of problems. This concept was recently demonstrated by some TClouds researchers with the DepSky storage system, whose a paper appeared in the ACM EuroSys’11 conference.

Alysson Bessani, Miguel Correia, Bruno Quaresma, Fernando André and Paulo Sousa. DepSky: Dependable and Secure Storage in a Cloud-of-Clouds. In 6th ACM SIGOPS/EuroSys European Systems Conference (EuroSys'11), pp 31-45. April 2011.

In the paper, the researchers show a new data replication protocol that can be used to explore the fault independence of different storage cloud providers to implement a shared data storage that support updatable arbitrarily-sized object storage. These new protocols make use of techniques like secret sharing and erasure codes to provide confidentiality and storage-efficiency for the stored data.

The DepSky system was implemented on four commercial storage clouds (Amazon S3, Rackspace Files, Windows Azure Blob Service, Nirvanix CDN) forming a cloud-of-clouds trusted storage system. Experiments were performed with clients spread around the planet to assess the merits and drawbacks of the cloud-of-clouds approach for storage. The results show that the use of erasure codes make DepSky storage monetary costs from 23% to 50% more than single cloud storage (on average). In terms of performance, the DepSky read protocol presents better latency than any single cloud (data is fetched from the faster cloud at the moment) while the write protocol latency is similar to the worst cloud write latency (data needs to be written not on a single cloud, but on a quorum of them). Another interesting result show in the paper is the use of a cloud-of-clouds (with the 4 mentioned providers) make the perceived availability of the service is almost 100%, a fact that were not observed for any individual cloud storage provider.

The paper "TwinClouds - Secure Cloud Computing with Low Latency" has been accepted to the Communications and Multimedia Security (CMS'11) conference. The authors are Sven Bugiel, Stefan Nürnberger, Ahmad-Reza Sadeghi and Thomas Schneider.

Abstract: Cloud computing promises a cost effective enabling technology to outsource storage and massively parallel computations. However, existing approaches for provably secure outsourcing of data and arbitrary computations are either based on tamper-proof hardware or fully homomorphic encryption. The former approaches are not scaleable, while the latter ones are currently not efficient enough to be used in practice.

We propose an architecture and protocols that accumulate slow secure computations over time and provide the possibility to query them in parallel on demand by leveraging the benefits of cloud computing. In our approach, the user communicates with a resource-constrained Trusted Cloud (either a private cloud or built from multiple secure hardware modules) which encrypts algorithms and data to be stored and later on queried in the powerful but untrusted Commodity Cloud. We split our protocols such that the Trusted Cloud performs security-critical pre-computations in the setup phase, while the Commodity Cloud computes the time-critical query in parallel under encryption in the query phase.

A paper from the TClouds Team has been accepted at ESORICS 2011:

Sören Bleikertz, Thomas Gross, Matthias Schunter, Konrad Eriksson: Automated Information Flow Analysis of Virtualized Infrastructures, European research event in Computer Security (ESORICS 2011)

You can download the Submission Version (PDF)

Abstract The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly con figuring virtualized cloud infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support. We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information ow analysis based on graph traversal. The system discovers the actual con figurations of diverse virtualization environments and uni fies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system e ffectively reduces the analysis complexity for humans from checking the entire infrastructure, to checking a few well-designed trust rules on components' information flow.