Protection of Security Critical Information in an Infrastructure as a Service Cloud

There is a strong trend in IT operations today in the consolidation of data resources. Cloud computing
makes it possible to streamline IT operations and to save energy. However, cloud computing does also
cause new problems. It means that the data that were previously under control within one
administrative domain and organization, now is under the control of a third party provider. This
implies that measures need to be taken to reduce the security risks. Specifically, we in this project
work with the cloud model in which an entire computer infrastructure is offered to a customer, or what
is often referred to as the Infrastructure as a Service (IaaS) model. In order for IaaS to be a real option
for systems dealing with safety-critical information, there is a need for new technical solutions, which
provide hard guarantees for the offered cloud service. This is the challenge that this project takes up.
The project aims to develop a full-scale infrastructure cloud demonstrator and to verify that it is
possible to reliably run an existing patient information system from Region Skåne as a pilot on the
demonstrator. The project utilizes and builds upon previous research on the verification of computer
resources in public IaaS clouds. The aim is to show how an IaaS cloud can be designed to provide the
security required to move a safety-critical IT service to a public cloud. In turn this will open up for the
cost and environmental benefits etc. offered through the IaaS model.