COMPANY / ORGANISATION PROVIDER
Name: Atos Spain & GRNET
Address: Albarracín, 25 Madrid – 28037
OVERVIEW
Description:
TREDISEC (Trust-aware, REliable and Distributed Information SEcurity in the Cloud) is a European collaborative Research and Innovation Action that leverages existing or novel cryptographic protocols and system security mechanisms, which offer strong data confidentiality, integrity and availability guarantees while permitting efficient storage and data processing across multiple tenants.
From a practical standpoint, the ambition of this project is to develop systems and techniques that make the cloud a secure and efficient place to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge instead on a (possibly standardized) single framework where all objectives are met to the highest extent possible.
The project started on 1st April 2015. The ultimate goal of TREDISEC is to converge to a unified framework where the resulting primitives are integrated, while following the end-to-end security principle as closely as allowed by functional and non-functional requirements.
The TREDISEC framework is a piece of software that helps Cloud Security technology providers manage the entire lifecycle of the TREDISEC Primitives and Recipes.
The framework also supports consumers of such technologies in locating and identifying them in a simple and effective manner, as well as in testing and deploying those in a specific cloud-based environment, in order to fulfil consumers’ own requirements.
Functionality:
Catalogue of Recipes
Recipe | Primitives Included | Description |
Verifiable Integrity of Virtual Systems | | This recipe includes a packaged version of the TRAVIS primitive, which provides the following functionalities: (i) continuous verification of the integrity of the outsourced business services/applications and the underlying infrastructure, (ii) monitoring and reporting on integrity aspects in Cloud Services Agreements. |
Access Control and Multi-tenancy | | EPICA (Efficient and Privacy-respectful Interoperable Cloud-based Authorization) is a software implementation that controls access to resources (either services or data) in multi-tenant cloud environments. This Recipe leverages Docker to allow a fully automated deployment and testing of EPICA through the framework. |
Container Isolation | | This recipe secures Docker image manipulation throughout its life cycle: creation, storage and usage. |
Secure storage and deletion | | Traditional techniques like encryption and backups address availability and confidentiality concerns but lack transparency on resource usage and assurance that data is made inaccessible when its owner so wishes. The Secure Storage and Deletion recipe enables such improved transparency and control for data owners. |
Secure verifiable storage | | This recipe offers cloud storage providers the advantage of ensuring a secure and confidential storage of customers’ data while satisfying the cloud storage provider’s scalability requirements and optimizing their storage savings. |
Secure biometric matching | | A Cloud Service using this Recipe guarantees that the privacy of the data is preserved, as all operations occur in the encrypted domain, and provides reliable cryptographic proofs for each biometric transaction. |
Secure storage with proofs of retrievability | | Secure Multi-Cloud Storage emerges as the centrepiece of tomorrow’s scalable and secure storage technologies, combining the use of multiple cloud storage services and aggressive data deduplication techniques to further reduce storage cost with security and reliability at an unmatched level. |
Robust cloud platform | | This recipe consists of primitives designed to mitigate the risk of compromise significantly, leading to cloud platforms that are robust against cyber exploitation. |
Verifiable Computations | | This recipe gives cloud users a means to verify the correctness of operations executed (outsourced) at the cloud server’s side. |
These Recipes are a joint effort of various TREDISEC partners. If you are interested in knowing more, please contact us!
Category: Access Control, Data Privacy, Identity Management, Security Monitoring, Trustworthy Data Processing, Trustworthy Data Storage, and Trustworthy Infrastructure / Cloud
Type: Software
Availability:
The software can be downloaded (for free) from both:
USAGE REQUIREMENTS
Interfaces & Protocols:
Catalogue of TREDISEC Security Primitives:
- TPM-based Remote Attestation (TRAVIS)
- Access Control for Multi-tenancy (EPICA)
- Logical Partitioning Hypervisor
- Secure Deletion
- Shared Ownership (Commune)
- Perfect Dedup
- Verifiable Polynomial Evaluation
- Verifiable Matrix Multiplication
- MUSE
- ML-POR with MLKeygen
- Container Isolation Component
- Software Hardening (MEMCAT)
- Attack Surface Reduction (KTRIM)
- Vulnerability Discovery/Fuzz Testing
- IBM’s PoW
- Key Management for Secure Deduplication (OOPRF)
- Verifiable Matching of Biometric Templates
- Biometric Features Extraction in the Encrypted Domain
- Verifiable Document Redacting
- Proofs of Retrievability
- Advanced Encryption Resilient to Key Leakage (Bastion)
- Secure Deduplication (ClearBox)
- SPORT
- MIRROR
- Authenticated Encryption
- Secure Data Migration Service
- Multi-Tenancy Enabled Encrypted Database
Terms & Conditions of use:
The TREDISEC framework has been released as Open Source Software, under the Apache 2.0 license.
Documentation:
Project documentation and other resources can be found at: http://www.tredisec.eu/content/d61-tredisec-framework-implementation
Additional information: