Author Archive

RestAssured showcased at German Innovation Forum

Supported by the German Ministry for Education and Research, the University of Duisburg-Essen hosted the German Innovation Forum “Innovation interaktiv!” from 5-6 July 2018. The Forum addresses small and medium enterprises (SME) to help those bringing innovations to market.

 

Dr. Andreas Metzger (paluno, the Ruhr Institute for Software Technology of the University of Duisburg-Essen) chaired a session on digital transformation and data protection. In his role as chief architect of RestAssured, he showcased the project’s ambition, innovation pillars and high-level technical architecture.

 

The discussions during the session clearly indicated that secure data processing is a key concern for SMEs and novel solutions for data protection in the cloud are key to deliver future digital products and services.

 

Further information about the event (in German only) is available at: https://innovation-interaktiv.de/

RestAssured: Securing Cloud Analytics – SYSTOR 2018

The secure analytics platform used in RestAssured, and developed by partner organisation IBM Research, was presented at the ACM International Systems and Storage Conference (SYSTOR) in June 2018.

The accepted poster, “RestAssured: Securing Cloud Analytics”, which details the approach and the associated technologies such as Intel SGX, Apache Spark SQL and Opaque, has been published and can be read here. Below is an excerpt of the poster:

“Protecting sensitive business and personal information is a cornerstone requirement when enterprises and organizations move to the cloud. Many aspects of this requirement are already handled at various levels. Data-at-rest can be secured in cloud stores by encrypting it before persisting the data to storage, while data-in-flight is transmitted using protected channels such as TLS and HTTPS. Data-in-use, processed in cloud compute nodes, is the most vulnerable link in the end-to-end information flow, since the process memory can be accessed by malicious privileged software or system administrators.

….


Our team has designed and developed a framework for trust management in SGX enclaves that performs verification (remote attestation) of the enclave hardware and software components, and assists in trusted delivery of secrets (such as data encryption keys) to the enclaves.”

Additionally, the full list of accepted posters can be found on the SYSTOR site here.

The slide below was presented during the conference along side the official poster above:

RestAssured: Securing Cloud Analytics

Adaptant Signs Agreement with KnowNow

Adaptant and KnowNow sign agreement for UBI

 

RestAssured consortium member Adaptant has signed an agreement with UK based firm KnowNow Information Ltd, that will bring their user consent management solution for automotive usage-based insurance (UBI), to market.

 

The UBI solution is being developed with RestAssured technology and will give drivers control over their data while the vehicle sends information to the insurance provider.

 

For further details see the original press release from Adaptant here

 

Sources: 1, 2

 

Panel discussion on “Security and Adaptivity”

SEAMS 2018 Security and Adaptivity Panel

 

SEAMS 2018, the 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, featured a panel discussion on security and adaptivity.

 

The panel was moderated by Professor David Garlan (Carnegie Mellon University) and included researchers from the University of Kent, Rochester Institute of Technology, and The Open University. RestAssured was represented in the panel by Dr. Zoltan Mann from paluno (The Ruhr Institute for Software Technology), University of Duisburg-Essen.

 

The panel discussed – also with lively participation from the audience – to what extent security poses different challenges to self-adaptive systems than other quality attributes do.

 

The extended abstract with paluno’s position on this topic (authored by Zoltan Mann and Andreas Metzger) can be found here:

www.cs.bme.hu/~mann/publications/SEAMS-2018/Mann_Metzger_SEAMS_2018.pdf.

Open Source – Trust Management in Intel SGX Enclaves

“Intel SGX (Software Guard Extension) technology, available in Skylake and later processors, allows to create secure memory regions (enclaves) protected with hardware encryption in the SoC (system on chip). The data is in cleartext only inside the processor. It is encrypted in the SoC before leaving to the main memory, and decrypted in SoC upon fetching from the main memory. Paging is done on encrypted data.

 

This is a powerful security tool, but it is highly challenging for usage in practical systems. One of the main challenges is a complex trust establishment mechanism required to verify the CPU and the application binary running in the enclave. Without verification, the user can not send secrets (such as data encryption keys) to the enclave, because the CPU can be substituted by a fake processor that leaks the secrets to a malicious party, and the application binary could be replaced by malicious code that leaks the data even in a genuine SGX CPU.

 

Intel specifies a procedure for such verification, called “remote attestation” and provides example code for using it. Unfortunately, the SGX toolkit doesn’t have an end-to-end mechanism that implements this procedure…

 

…IBM Research has designed and implemented a framework for trust management in SGX enclaves that addresses the challenges described above”

 

The full article by Gidon GershinskyEliad Tsfadia and Danny Harnik  of IBM continues here.

 

Open Source Code Released

Furthermore, IBM have released the trust management framework (or TruCE for short – “Trust in Cloud Enclaves”) and toolkit as an open source project at: https://github.com/IBM/sgx-trust-management with an Apache 2.0 license.

 

Feel free to download and use it, report issues or send pull requests with bug fixes and new features.