|
|
TClouds is co-financed by the European Commission under EU Framework Programme 7
TClouds is proud to publish a collection of 15 fact sheets containing high-level descriptions of technology components, prototypes, and use cases developed within the TClouds project. These fact sheets explain the advantages of TClouds technology in an easily accessible way.
DG Connect (Unit E2) launches a web-based Public Consultation with a view to defining future research priorities in Cloud Computing, Software and Services, ahead of the H2020 ICT Work Programme 2014-15. All interested stakeholders (industry, research centres, academia, SMEs and users) are warmly invited to contribute.
The consultation will run from February 27th until April 2nd 2013.
When this consultation is completed, a post-consultation Workshop will be held in Brussels on Wednesday, 17 April 2013 in order to discuss and validate the views expressed by different actors during the consultation.
To find out more about this consultation please follow the link https://ec.europa.eu/digital-agenda/en/public-consultation-advanced-cloud-infrastructures-and-services
The CloudDP-2013 workshop addresses various aspects of data processing systems and cloud platforms and presents work describing methods of how data can be processed and managed in cloud environments.
The 3rd International Workshop on Cloud Data and Platform (the full name of CloudDP-2013) takes place in Prague, Czech Republic, on April 14, 2013 in conjunction with the ACM EuroSys 2013 conference.
Four presentations of TClouds-originated research results will be given at the workshop and one of the two keynote presentations will focus explicitly on security in cloud computing. For more information, see the CloudDP-2013 website at
http://clouddp13.doc.ic.ac.uk/
The IDC Cloud Leadership Forum presents in-depth coverage of recent trends in cloud computing. Christian Cachin will speak at the IDC Cloud Leadership Forum in Vienna on April 9 and cover security technology developed by TClouds.
Find more information about the IDC Cloud Leadership Forum at
http://idc-austria.at/de/events/50701-idc-cloud-leadership-forum-2013
In its role as a key driver of the Cloud Computing security research community, the TClouds project officially sponsors the 3rd IEEE Workshop on Security and Privacy Engineering, to be held as part of the IEEE 9th World Congress on Services, June 27-July 2, 2013, Santa Clara Marriott, CA, USA (Center of Silicon Valley).
Built upon the success of spectrum of conferences within the IEEE World Congress on Services, the Security and Privacy Engineering (SPE 2013) workshop is a unique place to exchange ideas of engineering secure systems in the context of service computing or cloud computing. The emphasis on engineering in security and privacy of services differentiates the workshop from other traditional prestigious security and privacy workshops, symposiums and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia.
The submission deadline was extended to April 1st, 2013; contributions are highly welcome!
There is an event on "Cloud and your business". It will take place in London, UK on 19th March 2013. Beneath you will find the link to the event, a short description, the programme and some information how you can register.
Link: http://www.smi-online.co.uk/utility/uk/masterclass/cloud-demystified-for-the-utilities-sector?
Cloud Computing promises to reduce costs and to push innovation; however, before deciding whether to incorporate this within your business model, it is wise to recognise the factors associated with this technology first. Against this backdrop, SMi Group’s timely, interactive masterclass will provide an overview of what the Cloud is, but more importantly, what the Cloud is not.
Key concerns and the realities of what it means to have your business in the Cloud will be carefully considered and addressed as potential issues of buying into the Cloud. How to avoid these potential issues will be demonstrated along with some practical examples of how you might employ the Cloud. In addition to soVision, this full-day session will feature a Cloud infrastructure expert from Rise to discuss some of the more technical aspects of the infrastructure behind the scenes.
Programme:
09.00 Welcome & Introductions
09.10 What the Cloud is, but more importantly, what the Cloud isn't
• Understand how your organisation can benefit and if it is the right fit for your business
• Realise the differences between various Cloud Providers in the marketplace
09.50 Security and Risk Concerns shifting to a Cloud environment
• Comparison of IaaS provider Datacentre level security and typical end user network security
• Cost, Downtime, Maintenance, Redundancy, Performance
10.50 Morning Coffee
11.10 Live demonstrations of Cloud solutions applied in a various business scenarios
• The benefits a hosted desktop solution brings
• See real-time secure collaborative communications on multiple devices, ie. iPhone/iPad, Thin Client, Laptops, and others…
12.00 Group Discussion
12.30 End of Session
HOW TO BOOK
Register online: www.smi-online.co.uk/utilities-cloud.asp
Contact Teri Arri
Tel: +44 (0) 20 7827 6162
Email:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
On June 6, 2012, the Article 29 Working Party adopted its long awaited Working Document on elements and principles for Processor Binding Corporate Rules.
Article 29 Working Party, WP 195, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp195_en.pdf
Processor BCR are a data protection code of conduct, which is to be implemented internally by a large internationally operating enterprise. They are intended to provide an adequate level of data protection within a company allowing data transfer to outside of the European Economic Area without further contracts or authentication. The longer established BCR for data controllers were not enabling globally operating data processors such as most Cloud Service Providers (CSP) to profit.
Processor BCR could prove to be a vital cloud enabler since they address one of the most crucial issues from a European point of view: the global data flow of borderless clouds. It allows big multinational CSPs to apply to EU customers without reserving only EU facilities for these customers or providing complex individual contracts for each customer. The implementation of Processor BCR within a globally operating commodity CSP could give this CSP a significant competitive advantage with regard to European customers. Using a CSP with authorised Processor BCR in place is as legally compliant as using a solely EU based cloud without complex additional contracts allowing the data transfer.
The Working Document sets up a table with requirements and principles for Processor BCR. Parallel to BCR for controllers the requirements include:
In the following I will highlight some requirements for Processor BCR highly affecting CSPs that want to establish this code of conduct.
Public Availability
Contractually seen, Processor BCR would be part of the contract between the customer and the CSP implementing the BCR. A CSP is required to reference the BCR in his Service Level Agreements and publish them e.g. on his website. Therefore, some provisions of the BCR may unfold binding character for the customer as well, depending on how they’re phrased.
Liability
A key provision in the Processor BCR is the processor’s (including CSPs) acceptance of a liability for paying compensation for any damages resulting from the breach of BCR. Liable will be the main EU based member of the processor’s corporate group. This member would assume liability for any breach committed by another member of the group or a subprocessor. The liable member therefore has to prove that it has sufficient assets when applying for acceptance of its Processor BCR. In case that the corporation does not have an EU-based member, the corporations headquarter must assume liability.
Additionally, the processor has to grant third-party beneficiary rights to data subjects in the event the data controller factually disappears, ceases to exist in law or becomes insolvent, including judicial remedies and compensation for any breach of the data subject’s rights by the processor.
Commitment to cooperation
Processor BCR require the processor to commit to cooperation with the controller and European DPAs. This includes accepting audits by the competent DPA and reasonably assisting the controller in complying with data protection laws, including handling complaints and requests of the data subject and responses to DPA inquiries.
For a CSP with multiple customers in the EU this would mean to cooperate with several DPAs. It is therefore absolutely necessary to unify the European data protection framework and standardize the audit procedure.
Transparency on subcontractors
Outsourcing of data processing to subcontractors that are not part of the Processor BCR is limited. The cloud customer must give his prior consent to this onward transfer to external subcontractors. This can happen via a general consent to subcontracting given when the SLA is agreed upon. In this case the customer still needs to be informed about all subcontractors and all intended replacements or additions of sub processors. For any intended change the customer would have the chance to object or terminate the contract prior to the onward transfer of data. The involvement of subcontractors must only happen on basis of a written agreement between the CSP and the subcontractor that the level of protection mirrors the Processor BCR and SLAs of the CSP.
This requirement could prove to be a major drawback in the highly dynamic cloud market. The Processor BCR are clearly tailored to processors with small fluctuation among its subcontractors.
The Unit "Trust and Security" (F5) of the European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT) and the European Network and Information Security Agency (ENISA) are organizing the Annual Privacy Forum 2012 (APF’2012).
It will be a two day event with the objective to provide a forum to academia, industry and policy makers in the field.
Date: 10th and 11th of October 2012 at Limassol
For more infos click here
The International Working Group on Data Protection in Telecommunications, the so-called "Berlin Group", has published a working paper on cloud computing in the wake of its 51st meeting in Sopot (Poland) last week.
The "Sopot Memorandum" on privacy and data protection issues in cloud computing emphasizes that cloud computing must not lead to a lowering of data protection standards as compared to conventional data processing. The paper lists recommendations and gives guidance on best practices to enhance privacy and security in cloud environments. The group urges cloud providers to develop practices in order to offer greater transparency, security and accountability of their infrastructure and contractual clauses.
The Berlin Group strongly supports research activities like the TClouds project to push privacy by design technologies and legal guidance in order to achieve a higher level of trust in public clouds.
Cyber Security & Privacy EU Forum 2012
Event to be held at the following time, date, and location:
24 Apr 2012 at 8:00 AM to
25 Apr 2012 at 5:30 PM (GMT+0100)
"The Dahlem Cube” at the Seminaris Campus Hotel Berlin
Takustraße 39 14195 Berlin
Tel. +49(0)30 - 557797-0 Fax +49(0)30 - 557797-100
14195 Berlin
Germany
The CSP EU Forum is a European Conference on Cyber Security and Privacy organized by EffectsPlus in coordination with Trust and Security Unit of DG INFSO.
We are happy to announce that our results of the project's first year are now publicly available.
You can download all 12 deliverables here:
Please do not hesitate to give us feedback!
Several researchers of TClouds are involved in organizing this important workshop on dependable cloud computing.
--------------------------------------------------------------------------
Call for Papers - EWDCC 2012
==========================================================================
1st European Workshop on Dependable Cloud Computing (EWDCC 2012)
==========================================================================
In conjunction with the 9th European Dependable Computing Conference -
EDCC 2012
May 8th, 2012
Sibiu, Romania
http://ewdcc12.di.fc.ul.pt/
SPONSORSHIP
The 1st EWDCC is sponsored by European Commission through the TClouds
Project (http://www.tclouds-project.eu/).
IMPORTANT DATES
Submission deadline: January 27th, 2012
Author notification: March 14th, 2012
--------------------------------------------------------------------------
OVERVIEW
With the increasing variety of cloud offerings, ranging from very basic
infrastructure services, such as storage and virtual machines, to
more complex platform services (e.g., providing database-like
functionality), to end-user directed solutions such as web-based office
tools, there is an ongoing trend to outsource all kinds of applications
to the cloud.
However, recent studies on cloud offerings and hardware in general show
that clouds are less reliable than traditional data centers, and hardware
faults are more common than previously assumed. Moreover, the very fact
that cloud services need to be accessed remotely, through the Internet,
make their perceived availability directly dependent from the availability
of the communication between clients and providers. In combination, this
basically inhibits the outsourcing of critical applications (e.g.,
financial or medical services) to the cloud.
Besides that, recent failure events on big cloud providers such as Amazon
raised an alert about the dangers of running critical applications on such
third party infrastructures.
The 1st EWDCC workshop aims to provide a platform for discussion and
dissemination of early-stage recent research efforts that explicitly aim
at supporting dependability in the context of cloud computing. We expect
the workshop to foster discussion between researchers from both industry
and academia.
--------------------------------------------------------------------------
TOPICS
The workshop welcomes submissions on all aspects of dependability in cloud
computing, data center architectures, scalable systems and virtualization
technology. Some of the topics of interest are:
* Virtualization-based mechanism for tolerating faults and intrusions
* Dependability issues in virtualization technology
* Scalability issues in dependable systems
* Security and privacy in the Cloud
* Data center dependability issues
* Disaster recovery for cloud-based and Internet-scale systems
* Cloud dependability metrics, models, studies and benchmarks
* Large scale problem diagnosis and recovery
* Intrusion detection and tolerance in cloud environment
* Service-oriented architectures dependability
* Dependability issues in "cloud programming models" such as MapReduce
* Service Level Agreement (SLA) and Quality of Service in the cloud
More information about the workshop can be obtained in the webpage
(http://ewdcc12.di.fc.ul.pt/) by emailing to ewdcc12_AT_di.fc.ul.pt
--------------------------------------------------------------------------
SUBMISSION INSTRUCTIONS
The workshop will accept two formats of papers: regular papers (maximum
6 pages) and position papers (maximum 2 pages). Position papers allow
researchers to present more speculative/futuristic ideas to stimulate
discussion and further work. All papers will be published at the ACM
digital library and thus have to adhere ACM 8.5”x11” two-column
camera-ready format. Instructions about how to submit papers can be found
on the web site http://ewdcc12.di.fc.ul.pt/. More information about the
workshop can be obtained by email to the same address.
At least one author of an accepted paper must register at the conference
and present the paper at the workshop.
--------------------------------------------------------------------------
BEST PAPER
Besides the publication of the workshop proceedings at the ACM digital
library, the authors of the best papers of the workshop will be invited
to submit a revised version of the papers to SIGOPS Operating System
Review (http://www.sigops.org/osr.html).
--------------------------------------------------------------------------
WORKSHOP ORGANIZERS
Alysson Bessani
Rüdiger Kapitza
PROGRAM COMMITTEE
Christian Cachin, IBM Zurich, Swiss
Brendan Cully, University of British Columbia, Canada
Sameh Elnikety, Microsoft Research, USA
Ilir Gashi, City University London, UK
Marius Minea, “Politehnica” University of Timisoara, Romania
Henrique Moniz, Microsoft Research, UK
Kaustubh Joshi, AT&T Labs Research, USA
José Orlando Pereira, Univesity of Minho, Portugal
Marcelo Pasin, University of Lisbon, Portugal
Dana Petcu, Western University of Timisoara, Romania
Peter Pietzuch, Imperial College London, UK
Hans P. Reiser, University of Passau, Germany
Matthias Schunter, IBM Zurich, Swiss
Marco Serafini, Yahoo! Research Barcelona, Spain
Johan Tordsson, Umeå Universitet, Sweden
José Luis Vázquez-Poletti, Complutense University of Madrid, Spain
Marco Vukolic, Eurecom, France
Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing's problems—data breaches, leaks, service outages—don't obscure its virtues, IEEE Spektrum, December 2011, pp 28-51.
Today, the W3C Tracking Protection Working Group (co-chaired by M. Schunter the TCouds Technical leader) has released its First Public Working Drafts (FPWD):
"To address rising concerns about privacy on the Web, W3C publishes today two first drafts for standards that allow users to express preferences about online tracking:
- Tracking Preference Expression (DNT), which defines mechanisms for users to express cross-site tracking preferences and for sites to indicate whether they honor these preferences.
- Tracking Compliance and Scope Specification, which defines the meaning of a "Do Not Track" preference and sets out practices for websites to comply with this preference.
These documents are the early work of a broad set of stakeholders in the W3C Tracking Protection Working Group, including browser vendors, content providers, advertisers, search engines, and experts in policy, privacy, and consumer protection. W3C invites review of these early drafts, expected to become standards by mid-2012. Read the full press release and testimonials and learn more about Privacy."
This release has triggered an extensive series of news items in press including sources such as the Wall Street Journal, the BBC, Slashdot, and IBM's Privacy Blog.
Matthias Schunter, the technical leader of TClouds, has been invited to co-chair the Tracking Protection Working Group of the World-Wide Web Consortium.
The Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. The group seeks to standardize the technology and meaning of Do Not Track, and of Tracking Selection Lists.
The kick-off meeting on September 21+22 in Boston MA, managed to assemble many important stakeholders. By allowing users to opt out of tracking, a substantial privacy concern in the cloud will be reduced.
Don’t miss the opportunity to join the EC-ETSI workshop “Standards in the Cloud: a transatlantic mindshare” http://www.etsi.org/WebSite/NewsandEvents/2011_09_STANDARDSINTHECLOUD.aspx
The event, co organized by ETSI and EC DG INFSO, in cooperation with NIST, EuroCIO and EuroCloud, will be held at CICA in Sophia-Antipolis, France, on 28th – 29th September 2011
An updated agenda is now available at: http://www.etsi.org/WebSite/NewsandEvents/CLOUD_PROGRAMME.aspx
Register for the event at: http://webapp.etsi.org/meetingCalendar/MakeChoice.asp?mid=29717&date=2011%2D09%2D28+09%3A00%3A00
The objective of the workshop is to:
· Drill down the issues of standards for cloud computing from 3 major angles
* Policy
* Industry and markets (supply and demand side)
* Standards and interoperability
· Gather elements to devise a standards roadmap for EU, including priorities, players and processes
Hotels and transport
Please find here with a list of hotels with which ETSI has negotiated rates.
You should use the form provided to make your booking.
With regards to transportation, we strongly advise a car rental.
Attached are the ETSI negotiated rates.
We look forward to welcoming you to this event !
There are many reports on the Internet about cloud outage that caused massive losses to both providers and companies hosting their applications there (see here for the 10 worst according to Infoworld). One of the key concepts that TClouds is exploring is the use of multiple commodity clouds to form a cloud-of-clouds able to tolerate a large spectrum of problems. This concept was recently demonstrated by some TClouds researchers with the DepSky storage system, whose a paper appeared in the ACM EuroSys’11 conference.
Alysson Bessani, Miguel Correia, Bruno Quaresma, Fernando André and Paulo Sousa. DepSky: Dependable and Secure Storage in a Cloud-of-Clouds. In 6th ACM SIGOPS/EuroSys European Systems Conference (EuroSys'11), pp 31-45. April 2011.
In the paper, the researchers show a new data replication protocol that can be used to explore the fault independence of different storage cloud providers to implement a shared data storage that support updatable arbitrarily-sized object storage. These new protocols make use of techniques like secret sharing and erasure codes to provide confidentiality and storage-efficiency for the stored data.
The DepSky system was implemented on four commercial storage clouds (Amazon S3, Rackspace Files, Windows Azure Blob Service, Nirvanix CDN) forming a cloud-of-clouds trusted storage system. Experiments were performed with clients spread around the planet to assess the merits and drawbacks of the cloud-of-clouds approach for storage. The results show that the use of erasure codes make DepSky storage monetary costs from 23% to 50% more than single cloud storage (on average). In terms of performance, the DepSky read protocol presents better latency than any single cloud (data is fetched from the faster cloud at the moment) while the write protocol latency is similar to the worst cloud write latency (data needs to be written not on a single cloud, but on a quorum of them). Another interesting result show in the paper is the use of a cloud-of-clouds (with the 4 mentioned providers) make the perceived availability of the service is almost 100%, a fact that were not observed for any individual cloud storage provider.
Mid-October, the yearly ACM Conference on Computer and Communication Security (ACM CCS) will again be constitute a main event for the security community.
Researchers from TClouds have been very active contributors to this conference in the past and are continuing to provide strong contributions for 2011:
If you are attending the conference, feel free to contact our team members to learn more about TClouds. Some of the publications by TClouds members are:
2011 ACM Cloud Computing Security Workshop (CCSW) at CCS
October 21, 2011, SWISSOTEL Chicago
http://crypto.cs.stonybrook.edu/ccsw11
Due to popular demand and to synchronize with CCS submissions, the
deadline for CCSW has been extended until July 16th.
Notwithstanding the latest buzzword (grid, cloud, utility computing,
SaaS, etc.), large-scale computing and cloud-like infrastructures are
here to stay. How exactly they will look like tomorrow is still for
the markets to decide, yet one thing is certain: clouds bring with
them new untested deployment and associated adversarial models and
vulnerabilities. CCSW aims to bring together researchers and
practitioners in all security aspects of cloud-centric and outsourced
computing, including (but not limited to):
+ practical cryptography for cloud security
+ secure resource virtualization
+ secure data management outsourcing
+ practical privacy & integrity for outsourcing
+ foundations of cloud-centric threat models
+ secure computation outsourcing
+ remote attestation mechanisms
+ sandboxing and VM-based enforcements
+ trust and policy management in clouds
+ secure identity management mechanisms
+ web service security paradigms and mechanisms
+ cloud-centric regulatory compliance
+ business & security risk models and clouds
+ cost & usability models and their interaction with security in clouds
+ scalability of security in global-size clouds
+ trusted computing technology and clouds
+ binary analysis of software for remote attestation and cloud protection
+ network security mechanisms for clouds
+ emerging cloud programming models security
+ energy/costs/efficiency of security in clouds
We would like to especially encourage novel paradigms and controversial
ideas that are not on the above list. The workshop is to act as a
fertile ground for creative debate and interaction in security-
sensitive areas of computing impacted by clouds.
CCSW is soliciting full papers of up to 12 pages and short papers of
up to 6 pages. Submissions must be in double-column ACM format with a
font no smaller than 10 point (note: pages must be numbered). Only
PDF files will be accepted. Submissions not meeting these guidelines
risk rejection without consideration of their merits. Accepted papers
will be published by ACM Press and/or the ACM Digital Library.
*** Both research and position/vision/white papers are invited ***
Submissions must not substantially overlap with papers that have been
published or that are simultaneously submitted to a journal or a
conference with proceedings. All authors and their affiliations
must be listed.
Proposals for panels are also solicited. The proposals are to be
concise, up to 2 pages in length, describe the handled topics, name
potential panelists and briefly scope the panel for CCSW. Disruptive
and controversial panels are particularly encouraged.
DATES
Submissions due: July 16, 2011 (18:00 UTC)
Author notification: August 11, 2011
Camera-ready: August 22, 2011
Panel submissions due: August 10, 2011
Workshop: October 21, 2011
