Use Cases

1. Auto-Placement Security Aware Augmented Data-Flow and Infrastructure

previous arrow
Slide
Problem Statement

Distributed applications targeting heterogeneous nodes connected via different networks are hard to secure and require ad hoc solutions for all individual parts. There are partial solutions by hyper-scalers and IoT platforms reaching from the cloud to the edge but usually not into IoT devices. Still, they ultimately depend on non-EU companies and do not offer an effective overall solution to the application space and its security requirements. Reliance on transport layer security only requires full trust in all compute nodes. There is no end-to-end development environment that allows distributed application programmers to build security and privacy-aware applications for mixed critical infrastructure with multiple zones of trust. Available developers in many application areas like Industry 4.0, public transport, SCADA and home automation have low-security skill levels and no tools that accommodate this. The topology of zones of trust can be very complex. In some applications, the IoT/Fog environment is the most trusted one (e.g., field bus at assembly line with insecure devices and protocols), connected with nearby other high trust (on-premises servers, 5G MEC) and medium trust (on-premises office network) with cloud (customer-owned high trust, public low trust). In others, the Fog/IoT devices are in adversarial environments (e.g., railway and other public infrastructure) with more and more trusted environments towards a managed cloud.

next arrow

2. Privacy-by-Design Distributed Cloud & Edge Storage

previous arrow
Slide
Problem Statement

Chocolate Cloud (CC) has a privacy-by-design multi-cloud file sharing and storage solution (i.e., SkyFlok) built in connection with over 11 Cloud providers worldwide and supporting more than 54 GDPR-compliant locations in 15 countries. To achieve outstanding security and accessibility, files are encrypted and erasure coded with added redundancy, and then the resulting fragments are distributed across multiple cloud storage providers and countries. The small business offering runs these computations on the client’s computer without requiring the backend to carry out most security- and privacy-sensitive steps (e.g., encryption, random linear network coding). Larger business offerings being prepared, including a self-hosted Gateway and support for on-premises Edge storage, allowing customers to set up a hybrid storage solution that combines the advantages of both worlds. Additionally, SkyFlok is preparing to launch an Object Storage Service with a public S3 API which requires some privacy-sensitive processes to be hosted at the Edge or in the Cloud. Privacy and security audits are crucial to gaining new customers and supporting new cloud storage providers in our ecosystem. Thus, automated and dynamic analysis mechanisms that can validate both CC’s own software and third-party software libraries and/or host systems are needed to scale the business. Furthermore, trusted third-party certifications for privacy and security can be eased and streamlined in the future, reducing operating costs. For example, one privacy certification may cost tens of thousands of Euros yearly aside from the internal costs of running the verification and certification process.

next arrow