Pilot 2

Overview

Pilot 2 is designed to validate the ELASTIC framework by focusing on the migration of sensitive IT services to the cloud using privacy-preserving confidential computing platforms. This pilot will showcase how the ELASTIC technologies can ensure the security, efficiency, and compliance of IT services when migrated from on-premise environments to cloud infrastructures.

Objectives

The primary objective of Pilot 2 is to demonstrate the migration of sensitive IT services to the cloud while maintaining compliance with cybersecurity rules and privacy regulations. This involves leveraging confidential computing hardware platforms and remote attestation to create a secure and automated environment for IT service migration and management.

Key Tasks and Activities

Specification of Demonstrators for Testing and Validation

This task involves specifying the demonstrators for validating the developed solutions based on WebAssembly, TEE-enabled Confidential Computing, and eBPF with XDP for service orchestration in distributed environments. It includes defining pilot workflows, identifying relevant components and infrastructure, and preparing a validation plan with specific evaluation criteria and KPIs.

Setup Orchestration Infrastructure and Confidential Computing Testbed

This task sets up and operates a cloud computing testbed incorporating both private and public cloud resources. It ensures that the necessary infrastructure is available for hosting the demonstrators, considering specific hardware, software, network, and other resource requirements.

Demonstrator 2: IT/OT – Privacy-preserving Confidential Computing Platform

This task will validate the developed ELASTIC framework for migrating IT services to the cloud. The task will investigate how IT/OT organizations can migrate sensitive services currently implemented in private datacenters to the cloud while complying with cybersecurity rules and privacy regulations. It includes evaluating the level of automation and portability of the confidential computing HW platform and remote attestation handling.

Expected Outcomes

  • Automated Handling of Confidential VMs: Development of a software framework for the automated creation, initialization, and management of confidential VMs using programmable APIs. This will simplify the deployment process and ensure compatibility with various hardware and CSP platforms.
  • TEE Abstractions: Implementation of TEE abstractions to support any CSP infrastructure compatible with confidential VMs, enhancing the flexibility and portability of confidential computing environments.
  • Remote Attestation Framework: Establishment of a robust framework for handling remote attestations, ensuring the integrity and security of migrated IT services.
  • Software Management Agent: Creation of a Software Management Agent (SMA) capable of managing confidential VMs from the cloud to the edge, ensuring secure and efficient operations across different environments.

Key Performance Indicators (KPIs)

  • Simplification of VM Deployment: Achieve a 50% simplification in deploying confidential VMs, making the process more accessible and efficient for organizations.
  • Enhanced Remote Attestation: Improve the granularity of remote attestation handling by 30%, providing more precise and secure attestation processes.
  • Deployment Flexibility: Enable the deployment of confidential VMs from the cloud to the edge, ensuring lower latency and higher availability for end-users.

Pilot 2 will play a crucial role in demonstrating the capabilities of the ELASTIC framework for secure, efficient, and compliant migration of sensitive IT services to cloud environments. This pilot will validate the technologies developed within the project, ensuring they meet the needs of modern IT/OT organizations.