Work package 1: Project management
The first work package is intended to manage the delivery of the SUNFISH project according to time, cost and quality targets, while helping the achievement of project and business objectives by the consortium and its members. Metrics are established to measure the results of the overall project against its original objectives. The package supports decision making, communications and accountability; it also exploits project-related opportunities while carrying out quality assurance and risk management. This aspect of the project disseminates project results, while managing knowledge and intellectual property. Progress is reported to the European Commission through review meetings and documents.
Work package 2: Requirements identification
This work package elaborates on the needs of e-government data management and sharing, and matches these with available security and data isolation technologies for cloud-based federated information sharing systems. It does this alongside analysis of legal interoperability frameworks currently in effect in e-government. This work package defines e-government application use cases, system requirements and the threat model being addressed by the SUNFISH project.
Work package 3: SUNFISH Framework
This work package defines the architecture of the SUNFISH Framework, a distributed and lightweight security framework for information sharing among federated private clouds. It allows public administrations and governments to collaborate, securely share their private cloud resources, and migrate services while preserving specified levels of security. The SUNFISH solution may also allow further extensions of a private cloud towards different cloud providers. The framework uses proxy re-encryption schemes to enable private cloud servers to automatically re-encrypt data that needs to be shared with other clouds in the federation. The framework also incorporates anonymization and masking techniques. Where inter-organisation data sharing is not legally possible, solutions are based on secure multiparty computation. The practical outcomes of this work package are a set of specifications for data sharing, identity management, data access, and workload management in a federated cloud scenario.
Work package 4: Inter-cloud information sharing governance and security policies
This work package defines the technical specification, implementation and enforcement of the security policies in the SUNFISH framework through a governance model. Security policies are expressed in an agreed policy language that captures data security and privacy requirements. The work package also defines an SLA language that serves as an agreement between cloud providers and users based on security-level metrics. Because the federation may span several cloud providers and cross borders, the enforcement of these policies will be monitored through a governance model that will mainly focus on data location in order to infer possible policy violations and their origins.
Work package 5: Data sharing and intelligent workload management for federated clouds
This work package enables sharing of data between untrusted entities while protecting the sensitive data of each entity, according to their policies. It makes use of several components, such as dynamic data masking, anonymization and secure multiparty computation, for controlled data sharing between services provided by different private clouds. A component is invoked when the mechanism it provides is the most efficient among those that respect the policies in effect on the data. This work package also enables the management and optimization of computing resources in a secure and compliant manner across the cloud federation to deliver business services for end users.
Work package 6: Runtime monitoring and security assurance
This work package focuses on the design and implementation of a distributed infrastructure devoted to monitoring runtime data access. Its purpose is to ensure the overall compliance of the federated cloud with the SUNFISH security model. This involves monitoring the policies associated with each piece of data being accessed via the specification languages and techniques developed previously, reporting compliance through suitable visualisation techniques, and logging for audit purposes. This will also allow the timely detection of potential and confirmed security breaches, which will trigger further investigation and alerts.
Work package 7: Integration and Validation of the Framework
This work package ensures the integration and testing of the different SUNFISH subsystems and the validation of the SUNFISH framework against a set of use cases. Through a test plan, it formalises a set of actions including any procedure, process, equipment, material, activity or system that will help understand whether the system performance meets the required specifications and quality attributes.
Work package 8: Dissemination and exploitation
Through this work package, the project disseminates results as widely as possible to ensure that the scientific, technical, and commercial potential of the project is understood and exploited. The project undertakes to define a methodology for assessing the scientific, technical, and commercial impact of the project and to assess the project according to the methodology. The SUNFISH project also cooperates with related projects to achieve the best possible global commitment and coherence. The project continues to contribute to existing standards and to emerging ones where applicable.