EPSRC Reference: |
EP/I034181/1 |
Title: |
My Private Cloud |
Principal Investigator: |
Chadwick, Professor DW |
Other Investigators: |
|
Researcher Co-Investigators: |
|
Project Partners: |
|
Department: |
Sch of Computing |
Organisation: |
University of Kent |
Scheme: |
Standard Research |
Starts: |
01 February 2011 |
Ends: |
14 October 2011 |
Value (£): |
57,808
|
EPSRC Research Topic Classifications: |
eScience |
Information & Knowledge Mgmt |
|
EPSRC Industrial Sector Classifications: |
|
Related Grants: |
|
Panel History: |
Panel Date | Panel Name | Outcome |
09 Dec 2010
|
Cloud Computing for Research
|
Announced
|
|
Summary on Grant Application Form |
This research is designed to increase - a) the trust that users may have in cloud providers, as well as - b) the control that users will have over their data when it is stored in the cloud. It aims to do this in a number of ways. Firstly existing cloud users can provide their feedback about their existing cloud service providers to a cloud reputation service. This will compute the reputations of the various cloud providers, so that new potential cloud users can query it in order to determine which cloud providers are the most reputable. Then, when a user has chosen a cloud provider that (s)he believes to be trustworthy, the user can set their own fine grained privacy policy on the data that they submit to the cloud. This policy will be stuck to their data so that it is always enforced by the cloud infrastructure. In this way the user has full control over all accesses to and processing of their (possibly very sensitive) data. If their data is moved between cloud providers, then the sticky policy will move with the data, thereby ensuring continuing control by their policy. The privacy protecting infrastructure has built in audit support to allow the cloud provider to send the user summary audit information which will detail who has accessed the user's data, at what time and for what purposes. This provides users with visibility into the cloud, and reassures them that their data is safe. Users may alter their privacy policy at any time, should they decide it is too strict or too lax. Finally, users will be able to delegate access to their data to other users or processes, in order to provide the flexibility that is sometimes needed in workflows and other data access scenarios.The fine grained privacy policies and protocols that are supported by the infrastructure allow requestors to collect their various attributes and roles from multiple issuing authorities (a process termed attribute aggregation), even when they are known by different identities at the different authorities. This mirrors the reality of today's plastic card credentials and allows a new generation of virtual cards to be created. The cloud provider is cryptographically assured that all these different attributes and roles do indeed belong to the same requestor, without the requestor being required to reveal his real name.The fine grained policies also support emergency over-rides, so called Break-The-Glass policies. These allow responsible requestors, who are initially denied access to the data in the cloud, to break the glass and be granted emergency access, in the full knowledge that they will be held accountable and have to answer to their line management at a later time. This is achieved by having an obligation service that can perform pre-defined actions when an authorization decision is made. In the case of break the glass, these obligations might be to email the requestor's line manager, and record the incident in a secure audit trail. One example of Break the glass use is in medical applications, e.g. it allows accident and emergency staff to access a patient's medical records that they otherwise would not be allowed to see.
|
Key Findings |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Potential use in non-academic contexts |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Impacts |
Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
Summary |
|
Date Materialised |
|
|
Sectors submitted by the Researcher |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Project URL: |
https://authz.tas3.kent.ac.uk/proxyS3/ |
Further Information: |
|
Organisation Website: |
http://www.kent.ac.uk |