WITDOM: 3 years project

The WITDOM project started in January 2015 and reached its final month at the end of December 2017. As indicated in the figure below, from the very beginning the project followed a seven-step roadmap to achieve its objectives: from the elicitation of requirements to the final version of the WITDOM framework in December 2017 (M36). At the end of December 2017 the project reached the seventh step, labelled “Final prototypes and platform”, which comprises the final version of the scenario prototypes.

As a result of these 36 months, the project produced a security and privacy framework for outsourced data in untrusted ICT environments, mainly (but not limited to) a hybrid cloud. WITDOM assumes a trusted domain, which is usually a computationally restricted environment that is controlled by the end user and where security-critical services are hosted. In this trusted domain, strict security and privacy controls need to be enforced before any data or process is outsourced. On the other hand, there is a cloud environment where virtually unlimited resources are available for heavy computational tasks. Typically, those resources can be rented from cloud providers; however, the users/clients have only limited control over them, and the provider is the one with full control. Therefore, this environment is considered an untrusted domain.
The WITDOM platform orchestrates a variety of complex processes to protect sensitive data in the trusted domain in order to enable secure and privacy-preserving processing, storage, and sharing of protected data in an untrusted environment. To this end, WITDOM offers a wide set of protection functionalities (based on both crypto and non-cryptographical technologies) through a rich set of protection components:

  • Anonymization;
  • Secure signal processing (SSP);
  • Secure computation (SC);
  • Integrity and consistency verification (ICV);
  • Data masking and desensitisation (DM);
  • End-to-end encryption (E2EE).

The framework is capable of adding new services as modular blocks. It relies on an administrative dashboard and a cloud orchestration service. The administrative dashboard interacts with the cloud orchestration service via a RESTful API and provides the means to deploy the core services within the trusted or untrusted domain. The cloud orchestration service is built on top of Cloudify and is used to manage the WITDOM core components: Broker, Protection orchestrator, Identity and access management (IAM) component, and Key management (KM) service. Each request originating from the user application is handled by the broker service, which redirects the request to the specific WITDOM protection component. This can be seen as a pipeline of requests originating from the application and routed by the broker towards the components able to handle them.

The generic WITDOM framework is based on a generic architectural model that uses the paradigm of service orientation (it represents a service-oriented architecture, SOA), isolating the applications from the particular implementations and locations of its elements. The architecture organizes multiple protection components together in a comprehensive framework. Moreover, this architecture was adapted to hybrid cloud models, where trusted domains use private cloud infrastructures, such as OpenStack, while untrusted domains benefit from public clouds, such as Amazon Web Services.

The generic framework is suitable for different scenarios, though the project revolved around several use cases for two scenarios: eHealth and Financial Services. Adapting the generic framework to these scenarios required additional functionalities to be developed. The most important are:

  • The GLIMS (Genomic Laboratory Information Management System). The purpose of GLIMS is to support genomic laboratories in those DNA analysis activities that require large computational effort and storage capability, providing a centralized way of storing genomic variants (and annotations) and laboratory files (e.g., FASTQ files, VCF files) and a fast solution to align patients’ genomes and annotate their variants.
  • FS-Trusted and FS-Untrusted. These are services implementing the interface between the end users’ in-house financial applications and WITDOM components.
  • Statistical & Machine Learning Services, developed to satisfy the needs of the Financial scenario: Linear Regression, Neural Network, and Auto Regressive Integrated Moving Average (ARIMA).
  • Genomic services: Sequence alignment, variant annotation, and variant reannotation.

The development was guided by functional, non-functional, legal and ethical requirements elicited from general and particular scenarios. The project followed a methodology called SPACE (Security and PrivAcy CodEsign) for eliciting privacy and security functional and non-functional requirements. Legal and ethical requirements are the result of the legal research conducted within the project. Requirements were technically formalized by means of a privacy framework and the assessment methodology developed in WITDOM. This methodology included discussions on the formal technological security, privacy and verifiability requirements of the WITDOM platform and scenarios, taking into account the connection with user-centric requirements and European privacy and data protection legislation. All the requirements were arranged in a tree-like structure that collects all the end-user and legal requirements elicited in the requirements work package and the legal work package and connects them to leaf technological requirements. The requirements for the WITDOM platform and project scenarios were classified into three categories: core research requirements, demo requirements and production requirements. Demo requirements are the ones tested in the WITDOM pilots.

Furthermore, the trust models analyzed for the project scenarios identify the trusted and untrusted parties based on the definition of actors and their feared events, and determine which particular data has to be protected and from whom. The main untrusted element in these models is the Infrastructure Provider, from which WITDOM protects all the outsourced data. Additionally, the limitations of currently existing deployments are identified, along with the most promising research approaches followed in WITDOM for addressing verifiability, security and privacy protection of processes outsourced to untrusted environments.

On the legal side, WITDOM worked on the analysis of the application of the European legal framework to privacy enhancing technologies, in particular the data protection and cybersecurity package, as well as the definition of the specific legal privacy and security requirements that need to be taken into account for the development of the eHealth and Financial Services scenarios. The legal research focused on the extent to which data protection and cybersecurity legislation applies to the manipulation of (encrypted) personal data in untrusted environments such as the cloud, and on the interaction between the basic stakeholders (data controller/processor/subject) in the context of processing personal data in these new environments. This activity also assessed ethical guidelines to support stakeholders in the advancement of central human values such as freedom, security and justice. The interaction between law, which provides formal regulatory settings, and ethical guidelines, which provide normative resources for the interpretation of the law, is an important consideration.
The WITDOM checklist for GDPR compliance shows, firstly, how WITDOM supports its adopters in complying with the GDPR by providing adequate technical measures and, secondly, how WITDOM adopters can further ensure their GDPR compliance by taking into account several recommendations at the organizational level.

The WITDOM framework and components were validated at primitive and system level. In the first case, the validation involved analysing the components as standalone protection mechanisms applied to the eHealth and Financial Services scenarios, based on the KPIs defined in the methodology followed.
The purpose of the system-level validation was twofold. On the one hand, it aimed at conducting a technical evaluation to assess the performance of the implemented solution. This was done by measuring the coverage of the traced requirements, the efficiency of the proposed solution and the achieved security levels. On the other hand, a user evaluation was carried out to assess the attractiveness of WITDOM and its prototypes in contexts that require sensitive data to be manipulated in a hybrid cloud environment. Two user categories were involved: core users, who create, analyze and manipulate sensitive data; and direct users, who are technical users that do not interact directly with sensitive data but rather support core users in their daily activities. The validation process is divided into two parts, namely a validation of the WITDOM platform and a validation of the eHealth and Financial scenarios (and related use cases).
Finally, the legal validation consisted of three elements:

  • an assessment of the data catalogues used for the WITDOM use cases,
  • a description of the implementation of the legal and ethical requirements in the WITDOM technical work packages, and
  • a compliance check for the WITDOM use cases.

It concluded that careful implementation of organizational processes and the selection of third-party service providers that implement technical solutions advancing availability, confidentiality, data isolation and cryptographic techniques in transit and at rest enables untrusted services to become trustworthy.

Most of the protection components are the tangible result of the WITDOM analysis of the state of the art in homomorphic encryption, secure processing, privacy enhancing techniques, and integrity and consistency mechanisms. The WITDOM challenges were mainly related to the efficiency, applicability, generalizability and scalability of privacy protection techniques, in order to achieve true end-to-end protection of sensitive signals when they are processed in an untrusted environment. To tackle these challenges, WITDOM’s research advances the state of the art in the aforementioned fields at a framework level, at a practical (protocol and algorithmic) level, and at an implementation level. Scenario-specific considerations related to the eHealth and financial use cases were also taken into account, dealing with the scalability of the approaches to growing volumes of data and the anonymizability of the input data.
It is worth mentioning that not only the toolset was produced, but some patent applications were also started: 1 patent application by IBM on the data masking technology, and 2 patent applications by UVIGO associated with the Secure Signal Processing (SSP) component, one related to the genomic scenario and the other to the financial services scenario.

The project was supported and promoted by an intense communication and dissemination activity executed from the very beginning, according to an initial strategy that set the baseline for individual partners’ activities in order to reach the maximum possible impact. The strategy was accompanied by a plan that established a series of activities to promote the project along its entire duration, as well as a complete set of graphical material supporting these activities. The graphical material comprises:

  • The project branding, including a logo, colour code and templates for project documents, as well as dissemination material to support the communication and dissemination activities, such as two posters and two versions of a promotional brochure.
  • A project website (www.witdom.eu), publicly accessible online since the beginning of the project, as the main point of contact for external parties and the first means of dissemination and communication of project advances and regular achievements. It currently offers a point of access to WITDOM results.
  • Social media: a dedicated LinkedIn group, Twitter account, YouTube channel, and SlideShare account.
  • Press releases and dissemination campaigns to promote the project and relevant project events, such as the SECODIC 2016 workshop at the ARES 2016 Conference (Salzburg, Austria) on August 31st 2016, the participation at ICT2015 (Lisbon, Portugal) in October 2015, or ISSE 2017 (Brussels, Belgium) in October 2017, to mention but a few.
  • Publication of 24 scientific papers.
  • Participation at the Data Protection, Security and Privacy (DPSP) cluster.

WITDOM also contributed to current drafts and potential new standards belonging to the International Organization for Standardization ISO/IEC JTC 1/SC 27, by means of a liaison with working groups 2 and 5. The liaison allows the project to provide input and actively contribute to standards in the field of cryptography and privacy technologies, both underlying disciplines of the solutions designed and deployed in WITDOM.
Finally, it is worth mentioning that the WITDOM work relied on the participation of two external advisory bodies: a Project Advisory Board that provides WITDOM with expert advice in key areas of the project, such as the legal aspects and the research lines, and an Industrial Special Monitoring Group, providing additional information such as guidelines on standardization and exploitation.