Published November 29, 2016 | Version v1
Project deliverable Open

Specification of security enablers for data management

Description

This deliverable introduces the processing functions for data management in the SUPERCLOUD. In particular, it contains security and dependability component specifications, descriptions of distributed protocols, specifications of cryptographic mechanisms, and descriptions of the data-resilience tools. SUPERCLOUD data management components described in this deliverable are organized in three parts. The first part describes novel components pertaining to state-machine replication, which will be used to replicate critical pieces of SUPERCLOUD metadata across multiple clouds. The second part covers SUPERCLOUD distributed storage solutions, which we use to manage bulk data. Finally, the third part describes advanced data security components, focusing, in particular, on data privacy techniques. These techniques can be optionally combined with dependability and security components pertaining to fault-tolerant state-machine replication and distributed storage described in the first two parts. Several components described in this deliverable have already been published in top research conferences.

More specifically, the first part of this deliverable focuses on novel solutions for state-machine replication. SUPERCLOUD state-machine replication will use the Hyperledger Fabric open-source blockchain as its envelope, which is first discussed in Chapter 2. Then, we introduce novel distributed protocols for state-machine replication developed in the context of SUPERCLOUD. Namely, Chapter 3 discusses how to treat non-determinism when replicating arbitrary applications when replicas can fail in an arbitrary (i.e., Byzantine) way. Chapter 4 introduces a novel model for developing reliable distributed protocols called XFT, as well as the first state-machine replication protocol in this model, XPaxos. Chapter 5 empirically evaluates latency-optimization for state-machine replication in WANs and informs the design of novel state-machine replication protocols. Chapter 6 introduces a generic state-transfer tool for partitioned state-machine replication that enables elasticity.

In the second part of the deliverable, we turn to resilient distributed storage. Chapter 7 describes Janus, a multi-cloud storage platform that finds the best way to store data in the clouds according to given user-defined requirements. In Chapter 8 we present new erasure-coded storage emulations on top of untrusted cloud storage services that support multiple concurrent writers. Chapter 9 concludes the set of novel dependability components by presenting a solution for cloud-based database disaster recovery.

Finally, the third part deals with advanced techniques for enduring data privacy and confidentiality, as well as security of data sharing and anonymization. In particular, Chapter 10 proposes a privacy-preserving distributed solution for verifiable computation. Chapter 11 proposes a solution for privacy-preserving image processing relevant for SUPERCLOUD healthcare use cases. Chapter 12 introduces further privacy-preserving techniques based on key encapsulation, proxy re-encryption and attribute-based encryption, and includes details about secure deduplication. Finally, Chapter 13 presents our anonymization techniques.

The deliverable further specifies the integration vectors of the described components and explains how these components come together within the overall WP3 architecture as defined in D3.1. This informs the integration of the (subset of) components that will be tackled in the following months, in the context of SUPERCLOUD deliverable D3.3.

Files

D3.2-Specification-security-enablers-data-mgt-PU-M22.pdf

Files (9.1 MB)