ATMOSPHERE (Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-assuring Hybrid, Ecosystem for REsilient Cloud Computing) is a 24-month project aiming at the design and development of an ecosystem of a framework, platform, and application of next-generation trustworthy cloud services on top of an intercontinental hybrid and federated resource pool. The framework considers a broad spectrum of properties and their measures. The platform supports the building, deployment, measuring and evolution of trustworthy cloud resources, data network and data services. The platform is demonstrated in a sensitive scenario to build a cloud-enabled secure and trustworthy application related to distributed telemedicine.

This report belongs to the Work Package 5 of the program, “Distributed Trustworthy Data Management Services”. The objective of this WP is the design and implementation of a platform that provides trustworthy mechanisms for storage, retrieval, update and access of data in cloud platforms. In massive data management scenarios, the use of distributed federated services is an interesting alternative to meet important requirements such as availability, high performance and fault tolerance. In ATMOSPHERE, trustworthiness emerges as a non-trivial requirement. 

For this purpose, we propose the concept of Trustworthy Data Management Services (TDMS), supported by a platform where data can be handled given the multiple dimensions of trustworthiness (security, integrity, transparency, privacy, coherence, readiness, availability and accountability). The platform must be able to support our pilot use case focused on echo cardio imaging analysis, identified four relevant actors (final user, application manager, application developer and site admin) and several user stories relevant for the Distributed Trustworthy Data Management Platform (DTDM Platform). The main challenge in this regard is to provide universal, fine-grained access control to the data in the cloud service. The platform must allow data owners to define their availability, privacy, security, fairness, and transparency requirements while maintaining traceability information about sensitive data and control access to data. The platform must enforce that data cannot be externalized if it does not meet the data owner’s policies and legal limitations. These requirements must be covered while minimizing the complexity of the system.

Due to these challenges, the strategy chosen for enforcing privacy on the Distributed Trustworthiness Data Management Services Layer consists of developing new technology for creating Vallum, the ATMOSPHERE Privacy Protection Layer (APPL)​, in order to intermediate all data access requests made by users or data processing services to some database management service that fits the application. The APPL is able to support different levels of granularity in which data is controlled.