SPLITCloud

SPLITCloud – a research project funded by the BMBF

Secure Partitioning of Application Logic In a Trustworthy Cloud

Motivation

Cloud computing presents various new opportunities and possibilities for providing and using ICT services. Customers can use the cloud providers’ computing capacities to build virtual IT infrastructures (Infrastructure as a Service, IaaS), to use virtual pre-configured platforms (Platform as a Service, PaaS) or to use single applications or software services in the cloud (Software as a Service, SaaS). Despite these advantages, several risks have made cloud computing difficult or impossible in many critical areas of application. By relocating personal content into the cloud, users have so far given up control over their data. Enforcing compliance has also been difficult, since users have needed to trust a third party (the cloud providers, their employees and/or partners) to ensure data availability, to comply with national and European data protection regulations and to protect their business secrets.

Approach and goals

The aim of the SPLITCloud project (Secure Partitioning of Application Logic in a Trustworthy Cloud) is to make SaaS secure for users according to data protection regulations. The service providers provide the hardware resources and maintain the software. Users only pay for the services they use, without any additional administrative effort. Small enterprises in particular benefit from this solution: they can use SaaS without making large initial investments in an IT infrastructure of their own, including its administration. Well-known examples of SaaS are ERP systems, office applications like Google Docs or Office 365, and customer relationship management (CRM) systems like SalesForce.

These examples demonstrate the need for special protection, as these tools are used to store and process business-critical and personal data in the cloud. The information processed in smart grids requires equal protection. Sensitive information of the energy sector needs to be secure and available at any time to guarantee reliability of power supply. It is essential to control future transmission and distribution grids for the generation (power plants, plants according to the RES Act), storage (electromobility, stationary storage) and usage of energy. The information on this measured data and the relevant processes will soon be located in the cloud. This supports economic progress and allows the data to be accessed from virtually anywhere.

As users often use the same SaaS from one provider, their data needs to be isolated from other users of the same service. The data also needs to be protected against access by the service provider or manufacturer and their administrators. This is a powerful measure to control the risk of insider attacks. Attackers particularly aim at successful cloud services since they concentrate information from many different users. If cloud providers can access the user data, so can attackers.

The SPLITCloud architecture aims at securing SaaS to enable processing of sensitive data in the cloud according to data protection standards and at the same level of security as in a separate infrastructure. Important goals include:

  • Distributing responsibilities for SaaS in a secure way and according to data protection regulations
  • Separating roles/users of software/cloud providers and software/service users securely and reliably. This is achieved by using dedicated application virtualization and time variance to create different virtual and isolated compartments
  • Protecting the user data effectively from being accessed by both other users and administrators of the cloud infrastructure (insider attack) and cloud service
  • Providing secure mechanisms and interfaces for maintaining the infrastructure/software (service and software providers)
  • Providing a compatible architecture for almost any software (ERP/CRM systems, office applications) without being limited to a single service
  • Separating software and data using trustworthy key management independently from cloud or infrastructure providers
  • Pilot application: meter data management (MDM)

Project organization

SPLITCloud is a joint research project funded by the German Federal Ministry of Education and Research (BMBF) and involves various expert partners from research, economic and industrial fields. The BMBF is the project owner for this project. Rohde & Schwarz Cybersecurity is responsible for the project lead.

  • Project management: VDI/VDE Innovation + Technik GmbH
  • Consortium: Rohde & Schwarz Cybersecurity, Technical University of Darmstadt, Verizon Deutschland GmbH, Schleupen AG, Independent Centre for Privacy Protection Schleswig-Holstein Germany
  • Project duration: 07/2014–04/2017
