Privacy-Preserving Computation in the Cloud
The traditional computing paradigm is experiencing a fundamental shift: organizations no longer completely control their own data, but instead hand it to external untrusted parties - cloud service providers, for processing and storage. There currently exist no satisfactory approach to protect data during computation from cloud providers and from other users of the cloud.
PRACTICE has assembled the key experts throughout Europe and will provide privacy and confidentiality for computations in the cloud. PRACTICE will create a secure cloud framework that allows the realization of advanced and practical cryptographic technologies providing sophisticated security and privacy guarantees for all parties in cloud-computing scenarios. With PRACTICE users no longer need to trust their cloud providers for data confidentiality and integrity: Due to its computation on encrypted data, even insiders can no longer disclose secrets or disrupt the service. This opens new markets, increases their market share, and may allow conquering foreign markets where reach has been limited due to confidentiality and privacy concerns. PRACTICE enables European customers to safe cost by globally outsourcing to the cheapest providers while still maintaining guaranteed security and legal compliance.
PRACTICE will deliver a Secure Platform for Enterprise Applications and Services (SPEAR) providing application servers and automatic tools enabling privacy-sensitive applications on the cloud. SPEAR protects user data from cloud providers and other users, supporting cloud-aided secure computations by mutually distrusting parties and will support the entire software product lifecycle. One goal of SPEAR is to support users in selecting the right approach and mechanisms to address their specific security needs. Our flexible architecture and tools that allow seamless migration from execution on unchanged clouds today towards new platforms while gradually adding levels of protection.
PRACTICE is strongly industry-driven and will demonstrate its results on two end-user defined use cases in statistics and collaborative supply chain management. PRACTICE is based on real-life use cases underpinning the business interest of the partners. Our focus is on near-term and large-scale commercial exploitation of cutting-edge technology where project results are quickly transferred into novel products. PRACTICE is the first project to mitigate insider threats and data leakage for computations in the cloud while maintaining economies of scale. This goes beyond current approaches that can only protect data at rest within storage clouds once insiders may misbehave. Moreover, it will investigate economical and legal frameworks, quantify the economic aspects and return on security investment for SMC deployment as well as evaluate its legal aspects regarding private data processing and outsourcing.