RestAssured will provide solutions to specific technical concerns of data protection in the cloud (such as geo-location restrictions on personal data), which are imposed by the dynamic, multi-stakeholder and decentralized nature of federated cloud systems. These concerns mean that privacy and security by design approaches will no longer be sufficient, due to uncertainty at design time of how the cloud and privacy requirements may dynamically evolve and change at run time. To this end, RestAssured provides novel mechanisms and cloud architectures for the runtime detection, prediction and prevention of data protection violations.
Frequently asked questions
RestAssured will provide a level of assurance of the security properties of cloud services going well beyond the current bland and unenforceable promises to respect data protection rules. By adopting and combining existing technologies, and separating sensitive and non-sensitive data processing tasks, RestAssured will take account of indirect threats to the data, including inference attacks, assuring that the selective use of cryptographic processing cannot be bypassed.
RestAssured will assure the protection of sensitive business and citizen data in the cloud by combining four pillars of innovation: (1) fully homomorphic encryption, which processes data without decryption, combined with cloud enablement of SGX hardware for protected data processing, (2) sticky policies for decentralized data lifecycle management, (3) models@runtime for data protection assurance, and (4) automated risk management for run-time data protection.
RestAssured solutions will be demonstrated through three use cases driven by project partners and involving other stakeholders from outside the consortium: High Performance Computing for commercial enterprises; Pay As You Drive usage-based insurance; and self-directed social care for vulnerable adults and social care providers.
The main impact of RestAssured will be to enable the free and seamless movement of data within the EU, whilst assuring conformance to data protection regulations, such as the EU Data Protection Directive and its successor the General Data Protection Regulation.