TREDISEC aims at providing a set of security primitives that will ensure the confidentiality and integrity of the outsourced data and computations to the cloud. To help with the design of these primitives, towards the end of December 2015, we have identified the different TREDISEC requirements ranging from functional prerequisites to specific security and privacy needs. With this aim, the following methodology has been applied:
To identify TREDISEC requirements, we first started with the analysis of the six TREDISEC use cases which are categorized into two main categories:
- File sharing services which deal with data outsourcing in a multi-tenant environment (UC1, UC2 and UC3)
- Big Data storage and secure processing services which mainly focus on the case where customers outsource a very large amount of data to be processed at the cloud (UC4, UC5, UC6)
For each use case, we identified the major functional requirements which encompass the basic functionalities of cloud service providers and the generic security and privacy requirements that deal with the set of functionalities that cloud service providers should implement to assure a privacy preserving and secure storage and processing service. The two tables below go over the entire set of functional requirements for each use case and the basic security and privacy requirements, namely: storage and computation integrity, and, storage and computation privacy.
We further focus on the specification of security and privacy requirements for each technical work package delivering TREDISEC security primitives, namely WP3 (verifiability), WP4 (confidentiality and access control) , and WP5 (privacy preserving data processing) and analyze the main conflicts between the security and privacy requirements and the functional ones. We finally end up with the resulting TREDISEC requirements resulting from this trade-off analysis. The following figure tries to summarize these requirements combining security and privacy with functionality with respect to the use cases and the technical work packages. The complete list of these requirements can be found in deliverable D2.2.
As the final target of TREDISEC is the development of a unified framework integrating different security primitives, we also identified the requirements with respect to the architecture of the framework which are differentiated regarding their technical, business and quality nature. These are depicted in the following figure.
Thanks to the specification of the requirements combining security and operational aspects, the TREDISEC project is now moving on to the design of the various security primitives (WP3, WP4 and WP5) and further on to the orchestration of these individual modules.