CASTOR

As cloud-centric services struggle to meet emerging user needs, computing has shifted closer to the edge or far-edge, forming a 'compute continuum'. This continuum faces challenges in securely supporting end-to-end information sharing due to untrusted hardware and software infrastructures with changing trust states. The EU-funded CASTOR project aims to enable trustworthy communications across this continuum by capturing (security, privacy, trust) service requirements as CASTOR policies enforced in the traffic engineering process. CASTOR focuses on distributed attestation, optimal path computation based on trust properties, and vendor-agnostic trusted path establishment across domains. Its technologies will be tested in four use cases involving security-critical information providing insights to enhance trust-related standards and demonstrate CASTOR’s effectiveness in diverse environments.

Ever since the cloud-centric service provision started becoming incapable for efficiently supporting the emerging end-user needs, compute functionality has been shifted from the cloud, closer to the edge, or delegated to the user equipment at the far-edge. The resources and computing capabilities residing at those locations have been lately considered to collectively make-up a ‘compute continuum’, albeit its unproven assurance to securely accommodate end-to-end information sharing. The continuum-deployed workloads generate traffic that steers through untrusted HW and SW infrastructure (domains) of continuously changing trust-states. CASTOR develops and evaluates technologies to enable trustworthy continuum-wide communications. It departs from the processing of user-expressed high-level requirements for a continuum service, which are turned-to combinations of security needs and network resource requirements, referred to as CASTOR policies. The policies are subsequently enforced on the continuum HW and SW infrastructure to realise an optimised, trusted communication path delivering innovation-breakthroughs to the so-far unsatisfied need: a) for distributed (composable) attestation of the continuum nodes and subsequent elevation of individual outcomes to an adaptive (to changes) continuum trust quantification; b) for the derivation of the optimal path as a joint computation of the continuum trust properties and resources; c) for continuum infrastructure vendor-agnostic trusted path establishment, seamlessly crossing different administrative domains. The CASTOR will be evaluated in operational environments of 4 use-cases whereby varying types of security/safety-critical information is shared. Project innovations will be exhaustively assessed in 3 diverse application domains utilising the carefully-designed CASTOR testbed core for each case. Our results will provide experimental evidence for the CASTOR's efficiency and feed the incomplete trust-relevant (IETF) standards.