ATMOSPHERE (Adaptive, Trustworthy, Manageable, Orchestrated, Secure, Privacy-assuring, Hybrid Ecosystem for REsilient Cloud Computing) is a 24-month project aiming at the design and development of an ecosystem comprising a framework, a platform and applications of next-generation trustworthy cloud services on top of an intercontinental hybrid and federated resource pool. The framework considers a broad spectrum of properties and their measures. The platform supports the building, deployment, measurement and evolution of trustworthy cloud resources, data network and data services. The platform is demonstrated in a sensitive scenario to build a cloud-enabled secure and trustworthy application related to distributed telemedicine.
This report belongs to WP5, “Distributed Trustworthy Data Management Services”. The objective of this WP is the design and implementation of a platform that provides trustworthy mechanisms for storage, retrieval, update and access of data in cloud platforms. In massive data management scenarios, the use of distributed federated services is an interesting alternative to meet important requirements such as availability, high performance and fault tolerance. In ATMOSPHERE, trustworthiness emerges as a non-trivial requirement. For this purpose, we propose the concept of Trustworthy Data Management Services (TDMS), as the channel where data can be handled given the multiple dimensions of trustworthiness (security, integrity, transparency, privacy, coherence, readiness, availability and accountability).
The analysis of the pilot use case, focused on echocardio imaging analysis, identified four relevant actors (final user, application manager, application developer and site admin) and several user stories relevant for the Distributed Trustworthy Data Management Platform (DTDM Platform). The main challenge in this regard is to provide universal, fine-grained access control to the data in the cloud service. The platform must allow data owners to define their availability, privacy, security, fairness, and transparency requirements, while maintaining traceability information about sensitive data and controlling access to data. The platform must enforce that data cannot be externalized if it does not meet the data owner’s policies and the legal limitations.
These requirements must be covered while minimizing the complexity of the system. Due to these challenges, the strategy chosen for enforcing privacy on the Distributed Trustworthiness Data Management Services Layer consists of creating the Atmosphere Privacy Protection Layer (APPL), which intermediates all data access requests made by users or data processing services to the database management service that fits the application. The APPL will be able to support different levels of granularity at which data is controlled. In this deliverable, we focus on the first version of the DTDM platform, which includes a version of basic security-aware services for building trustworthy key-value storage systems with a partial, but non-trivial, set of the envisioned capacities to limit access to data.