The myTrustedCloud project
There are currently a profusion of projects working with the ‘cloud’, a flexible computational platform allowing significant scalability and service based provision model. Unfortunately there are currently significant limitations in assuring data provenance when using these systems, in terms of guaranteeing both the origin and operations performed on data.
This is limiting uptake by a number of communities whose emerging information models appear otherwise well suited. The situation is complicated by the only available software on which a user community or institution would build a cloud being limited with a number based on a single open source solution. As an alternative the commercial providers have each developed their own software solutions, the internals of which are not visible, including the models of trust and security that are applied to these infrastructures.
Many research areas require traceable accuracy of data when it passes from the provider to different analysis communities. There is a well-founded history of provenance research, but the transference and integrity protection of provenance is seldom addressed in practice. Within our target sectors this is a primary requirement. We have demonstrated that the technologies of trusted computing can be used effectively to build records of provenance that are demonstrably accurate – potentially to an evidential standard.
Within MyTrustedCloud the primary target sector is the energy industry, which due to requirements for ‘SmartGrid’ implementation need to be able to provide support for organisational intra- and inter-operability, based on emerging CIM standards (ENTSO-e), including Advanced Metering Infrastructures, Enhanced State Estimation, On-line Condition Monitoring. This will become an issue of National Infrastructure protection, with the differing usage patterns demanding the ability to dynamically scale computational and data resources, therefore cloud is a desirable paradigm.
Currently there is a significant community that has been built around Trusted Computing and its associated hardware components (TPM, and TPM enabled devices) and software such as trusted virtualisation. This is now being extended into the different application areas such as networks and distributed systems design. Availability of components has meant that this has until now been mostly confined to theoretical investigations. The technologies are now becoming main-stream enough that physical and systems integration research is timely and thanks to the availability of commodity components it is now feasible to design and build pilot demonstrators, upon which different research areas may test their full capabilities.
The project hypothesis is that Cloud computing can be made a viable solution for communities with high data integrity requirements though the use of Trusted Computing Components and software integration. All the currently available public, private or hybrid cloud systems do not have any strong form of security attached to them and as such are not suitable for the identified user community and the use cases they have described.
The objectives of this project are;
- Construct a prototype of trust-capable cloud infrastructure based upon a publicly available IaaS solution
- A best Practice Report on integration of trusted computing and Cloud
- A white paper on public cloud requirements for trust
- Elaboration of threat model with relation to the exemplar research community
- Increase the overall security of nationally important infrastructure
- Develop exemplar energy community applications showing the possibility of secure cloud through application of hardware trust to be a possible route to simplification of computing systems needed to support the current UK model of separated Distribution and Retail companies needing access to the same information securely and with provenance on both sides.
- Anbang Ruan, Department of Computer Science, University of Oxford
- Nigel Hargreaves, Brunel Institute of Power Systems, Brunel University
- Alan Mcmorran, Open Grid Systems
AHM 2011 Poster
Poster presented at the EPSRC/JISC Cloud workshop @ AHM 2011, York
Paper presented at CloudCom 2011, Athens, Greece
- Dr David Wallom: david.wallom at oerc.ox.ac.uk