Towards a Secure and GDPR-Compliant Fog-to-Cloud Platform

The mF2C project is building an open, secure and decentralized management platform for coordinating resource sharing between connected devices in the fog-to-cloud (F2C) environment. Safeguarding information security and privacy in mF2C is a considerable challenge given the heterogeneous and autonomous nature of devices spanning the F2C spectrum. The recently introduced General Data Protection Regulation (GDPR) raised the stake further by defining stringent security and privacy requirements on the processing of personal information. IaaS and PaaS providers falling in scope must demonstrate that they have implemented reasonable security mechanisms to ensure compliance or face significant financial penalties. In this paper, we present a prototype JAVA-based security library that addresses some of the data security and privacy requirements of mF2C and GDPR. The prototype employs a PKI-based trust model to facilitate authentication and authorization. It uses policy to ensure data privacy and cryptography to deliver data confidentiality, integrity and non-repudiation. We also outline plans to enhance the mF2C security infrastructure with data protection functionalities from the security library and to leverage blockchain technology to augment mF2C security and data protection capabilities.