Use Cases

1. Auto-Placement Security Aware Augmented Data-Flow and Infrastructure

Problem Statement

Distributed applications targeting heterogeneous nodes connected via different networks are hard to secure and require ad hoc solutions for all individual parts. There are partial solutions by hyper-scalers and IoT platforms reaching from the cloud to the edge, but usually not into IoT devices. Still, they ultimately depend on non-EU companies and do not offer an effective overall solution for the application space and its security requirements. Relying on transport layer security alone requires full trust in all compute nodes. There is no end-to-end development environment that allows distributed application programmers to build security- and privacy-aware applications for mixed-criticality infrastructure with multiple zones of trust. Available developers in many application areas like Industry 4.0, public transport, SCADA and home automation have low security skill levels and no tools that accommodate this. The topology of zones of trust can be very complex. In some applications, the IoT/Fog environment is the most trusted one (e.g., a field bus at an assembly line with insecure devices and protocols), connected with other nearby high-trust (on-premises servers, 5G MEC) and medium-trust (on-premises office network) environments and with the cloud (customer-owned: high trust; public: low trust). In others, the Fog/IoT devices sit in adversarial environments (e.g., railway and other public infrastructure), with increasingly trusted environments towards a managed cloud.

Description of Existing Infrastructure

To facilitate a coherent compute infrastructure view, STRITZINGER (PST) builds on top of the Erlang language ecosystem, which possesses many properties needed for the development of resilient distributed end-to-end applications, such as fault tolerance, soft real-time behaviour, extreme scalability, a transparent distribution protocol, and hot code upgrades, all while allowing a lean runtime footprint. For deployment from cloud to edge, PST developed a stack based on the combination of unikernels with the Erlang runtime, with associated evaluation hardware in the form of the GRiSP open-source platform. Currently, it supports RTEMS (a unikernel to be run directly on embedded hardware; scalable to small sizes, multicore, robust and approved for space applications) and partially OSv (a lean unikernel to be run directly on hypervisors; multicore). On top of the Erlang ecosystem, PST has so far developed many protocol implementations, for instance OPC UA, DDS, routing protocols, Ethernet TSN, Modbus, automotive protocols and transport plugins for Erlang distribution, as well as a compiler, runtime and IDE for IEC 61499 (a distributed PLC programming language), a full ROS 2 (Robot Operating System) implementation, and libraries for secure hardware elements, secure distributed software update and secure boot.

Issues with Existing Approaches

All the existing building blocks lack a common, integrating, security-focused framework, which PST intends to build in this project. In the Erlang language environment, there are only partial solutions for SBOM generation and fragile solutions for static and dynamic security scanning. For hardware security, solutions are developed individually for every application and need to tie in end-of-line configuration and programming, which is security-sensitive and where hardware manufacturers have minimal capabilities for finalizing trusted hardware. Existing support for secure and robust distributed software updates is not integrated into an overall framework. Mapping and adapting applications to multiple trust zones is a manual process, and for complex distributed applications it is hard to do so without introducing security holes. Currently, a high-security solution for supporting different trust zones is missing.

Impact of RESCALE to Pilot

RESCALE will automate the evaluation processes of both software and hardware components, ensuring that third-party segments are free from known vulnerabilities. The operations of the PST platform will be boosted via the provision of the RESCALE vulnerability analysis module, promoting the security of the supply chain as a whole. In addition, the existing ways of deploying Erlang systems will be extended by a platform for running multiple Erlang runtimes together with code in other languages, all strongly isolated from each other. Isolating multiple Erlang VMs and other software would make an exciting addition to PST's platform, especially for gateway systems between different trust zones.


2. Privacy-by-Design Distributed Cloud & Edge Storage

Problem Statement

Chocolate Cloud (CC) has a privacy-by-design multi-cloud file sharing and storage solution (SkyFlok) built in connection with over 11 cloud providers worldwide and supporting more than 54 GDPR-compliant locations in 15 countries. To achieve outstanding security and accessibility, files are encrypted and erasure coded with added redundancy, and the resulting fragments are then distributed across multiple cloud storage providers and countries. The small business offering runs these computations on the client's computer, so the backend does not need to carry out most of the security- and privacy-sensitive steps (e.g., encryption, random linear network coding). Larger business offerings are being prepared, including a self-hosted Gateway and support for on-premises Edge storage, allowing customers to set up a hybrid storage solution that combines the advantages of both worlds. Additionally, SkyFlok is preparing to launch an Object Storage Service with a public S3 API, which requires some privacy-sensitive processes to be hosted at the Edge or in the Cloud. Privacy and security audits are crucial to gaining new customers and supporting new cloud storage providers in our ecosystem. Thus, automated and dynamic analysis mechanisms that can validate both CC's own software and third-party software libraries and/or host systems are needed to scale the business. Furthermore, trusted third-party certifications for privacy and security can be eased and streamlined in the future, reducing operating costs. For example, one privacy certification may cost tens of thousands of Euros yearly, aside from the internal costs of running the verification and certification process.
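The client-side pipeline the problem statement describes (encrypt on the client, erasure-code with random linear network coding, spread the fragments across providers, restore from a subset), as an added example that is not Chocolate Cloud's or SkyFlok's code. It uses only the Python standard library; the HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag is a stand-in for whatever authenticated cipher the product actually uses (an assumption), the coding is RLNC over GF(256) with the parameters k=3 and n=5 chosen here for illustration, and the names store_file and restore_file are hypothetical.

```python
# Added example: encrypt -> RLNC erasure-code -> distribute -> restore from a subset.
# Not SkyFlok's code; cipher, field and parameters are this example's assumptions.
import hashlib
import hmac
import secrets

# ---- GF(256) arithmetic (AES polynomial x^8+x^4+x^3+x+1), used by the coding ----
def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    r = 1                       # a^254 == a^-1 in GF(256); a must be nonzero
    for _ in range(254):
        r = gf_mul(r, a)
    return r

# ---- client-side encryption: stream cipher + MAC (stand-in for a real AEAD) ----
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered fragments")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

# ---- RLNC erasure coding: k source blocks -> n coded fragments, one per provider ----
def rlnc_encode(data, k, n):
    block_len = -(-len(data) // k)                       # ceil division
    padded = data + bytes(block_len * k - len(data))
    blocks = [padded[i * block_len:(i + 1) * block_len] for i in range(k)]
    fragments = []
    for _ in range(n):
        coeffs = [secrets.randbelow(256) for _ in range(k)]   # public, stored with the fragment
        payload = bytearray(block_len)
        for c, blk in zip(coeffs, blocks):
            for i, b in enumerate(blk):
                payload[i] ^= gf_mul(c, b)
        fragments.append((coeffs, bytes(payload)))
    return fragments

def rlnc_decode(fragments, k):
    """Gaussian elimination over GF(256). Returns the k source blocks, or None when
    the supplied fragments have rank < k (the client then fetches one more)."""
    pivots = {}                                          # pivot column -> (coeff row, payload row)
    for coeffs, payload in fragments:
        c, p = list(coeffs), bytearray(payload)
        for col, (pc, pp) in pivots.items():             # clear the known pivot columns
            f = c[col]
            if f:
                c = [x ^ gf_mul(f, y) for x, y in zip(c, pc)]
                p = bytearray(x ^ gf_mul(f, y) for x, y in zip(p, pp))
        lead = next((i for i, x in enumerate(c) if x), None)
        if lead is None:
            continue                                     # linearly dependent fragment, skip
        inv = gf_inv(c[lead])
        c = [gf_mul(inv, x) for x in c]
        p = bytearray(gf_mul(inv, x) for x in p)
        for col, (pc, pp) in list(pivots.items()):       # keep earlier rows fully reduced
            f = pc[lead]
            if f:
                pivots[col] = ([x ^ gf_mul(f, y) for x, y in zip(pc, c)],
                               bytearray(x ^ gf_mul(f, y) for x, y in zip(pp, p)))
        pivots[lead] = (c, p)
        if len(pivots) == k:
            break
    if len(pivots) < k:
        return None
    return [bytes(pivots[i][1]) for i in range(k)]

# ---- hypothetical client API: providers only ever see coded ciphertext fragments ----
def store_file(key, data, k, n):
    blob = encrypt(key, data)
    return len(blob), rlnc_encode(blob, k, n)            # blob length is needed to strip padding

def restore_file(key, blob_len, fragments, k):
    blocks = rlnc_decode(fragments, k)
    if blocks is None:
        return None                                      # rank deficient: fetch another fragment
    return decrypt(key, b"".join(blocks)[:blob_len])

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    blob_len, frags = store_file(key, b"constructed sample document", k=3, n=5)
    survivors = [frags[0], frags[2], frags[3]]           # providers 1 and 4 are unreachable
    print(restore_file(key, blob_len, survivors, k=3))
```

Two properties worth noting from the code: no single provider holds anything but a random linear combination of ciphertext blocks, so a breach at one provider exposes neither plaintext nor a usable ciphertext, and the MAC check in decrypt means fragments altered in storage are rejected rather than silently decoded. Because the coefficients are random, a set of exactly k fragments is decodable with probability roughly 1 - 1/256; the client handles the rare rank-deficient case by fetching one more fragment, which is why restore_file returns None instead of failing hard.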

Description of Existing Infrastructure

CC has a commercial cloud backend connected to 11 cloud providers that can easily be extended to more providers in the future. In particular, it focuses on incorporating EU-based and EU-owned cloud providers to comply with GDPR rules for, but not limited to, its European customers. CC has a commercial (production) deployment and a development/testing deployment available. The latter will be used for experimental testing and optimization in this project, while key outcomes during and at the end of the project will be deployed seamlessly into production, given CC's micro-services architecture.

Issues with Existing Approaches

There is a lack of automated and dynamic security auditing techniques for third-party software libraries and cloud software platforms/infrastructure. This creates massive challenges for security-driven and privacy-by-design solutions, which cannot obtain a complete overview of the potential vulnerabilities of the system they offer without costly inspection of specific components, and such inspection is not always available. Dynamic mechanisms that provide a holistic, automated and seamless security validation and audit are currently lacking.

Impact of RESCALE to Pilot

As cybersecurity is becoming a critical business enabler and offering vulnerability-free solutions is a crucial factor for cloud storage, adding these new supply chain security assessment features to Chocolate Cloud's solutions will bring significant competitive advantages. More specifically, within this pilot, RESCALE will try to address most of the aforementioned challenges by setting up a complete toolbox for vulnerability detection across the complete supply chain used by CC, thus allowing any potential security hole to be fixed immediately and ultimately increasing customers' trust in the CC infrastructure.
