Cloud Sentinel Proposal

[emmYgd]

Open Grant Proposal:

Project Title: Cloud Sentinel

Proposal Category: Integration/Storage

Individual or Entity Name: Emmanuel Damilare Adediji

Proposer: emmYgd

Project Repo(s): Non-Existent Yet, but will be created upon approval as open-source at https://github.com/emmYgd

(Optional) Filecoin ecosystem affiliations: None

(Optional) Technical Sponsor: None

Do you agree to open source all work you do on behalf of this RFP and dual-license under MIT, GPL, and APACHE2 licenses?: Yes

Project Summary

INTRODUCTION:

When under perilous data breaches, cyber warfare, hacking, hijacking and other often radical cyber-attacks, the aim of the adversary entails gaining access and insight to some form of data, data theft and piracy, cyber-terrorism, cyber-bullying, cyber ransom demands, etc.

This could mean embarrassment, profit or revenue loss, bottom-line dip, customer or compliance regulatory lawsuits and forced closure, depressions/suicidal inclinations, for enterprises and individuals respectively.

Aside general protection requirements, individuals and enterprises alike also have needs for the protection to include various aspects that are unique to their use-cases - for instance, “Can I set this data‘s expiration?”, “Will this data be accessible outside France - we don’t want it to be!”, “This design is a business secret, we don’t want it assessed outside 10 meter radius to our office!”, “How can I meet up with digital security compliance and regulations in my country regarding my business?”

In short, they want not only to secure and protect their data in ways unique to them, but also holistically govern their data even when it is sent outside their domain.

The digital landscape is changing in recent times, new breaches & attacks are being recorded at lightening speed. Security, protection, standardization & governance at the data layer exposed over myriads of networks & protocols form very unique strategy.

NETWORKS AND PROTOCOLS:

There are diverse and varied networks, protocols & infrastructure available for use by individuals, enterprises, governmental parastatals and organizations to move, share and store data. Examples include:

• high level networks & protocols e.g. HTTP(s)/REST, SOAP, RPC, etc.

• messaging/queuing networks & protocols e.g. Kafka, AMPQ, etc.

• Storage Networks & protocols e.g. Filecoin, IPFS, Amazon-S3, etc.

It must be noted that both modern and existing enterprises have put or are putting the decentralized, distributed networks, protocols, infrastructure and solutions into strong considerations while many other have embraced and implemented them.

Decentralized Storage - Filecoin

The future of data storage is truly decentralized & distributed in a zero-trust manner. This has already began to shift the focus from initial centralized storage solutions based on the services of single storage providers or vendors into the truly decentralized distributed storage solutions leveraging on the power of various robust implementations of the blockchain and allied technologies.

In turn, this has began to yield effectiveness and efficiency through cost reduction, speed, high availability, censorship resistance, etc.

Filecoin with its underlying technology IPFS being a content-addressable decentralized storage network, offers the aforesaid. The technology of how this is possible is explained well in associated whitepapers.

SUMMARY PROPOSED SOLUTION:

Cloud Sentinel exposes and implements data security & protection, various encryption use-cases, data standardization and governance, diverse cryptographic operations, key management & rotation, (de-)compression, robust policy enforcements & complex permission provisioning, authorization & authentication, data logging and finger-printing, provenance and reporting, over diverse networks/protocols server and client implementations, on top of the Filecoin network.

It also offers secured data transport, movement, migration, partitioning & backup in the same manner - on top of the Filecoin network.

The server implementation is proposed to be hybrid: while being a server infrastructure in its own right, also serve as a gateway built on top of and interfacing with the Filecoin storage network.

Hence, the implementation performs a dual service of not only exposing data standardization, security, protection, governance, provenance and such other features as mentioned above, but also acting as a gateway to our decentralized and distributed storage - the Filecoin network.

Introducing the EMMA protocol:

At the core of my proposed solution is the Electronic Masking for Many (EMMA) Protocol. This protocol is implemented to prepare data received in various forms and from other disparate and often diverse networks, protocols, services and infrastructure into uniform standardized formats that are compact, discoverable, standardized, ACID-compliant, transactional, indexable, searchable, schema-enforceable, versioned, key-time-stamped, storage-ready and performant. Out-of-core and memory efficient compute strategies, architecture and designs will be implemented.

In conclusion, all the aforementioned will be accomplished using a blend of solid designs & architecture, battle-hardened infrastructure & systems, well-optimized algorithms and data structures & a robust technology strategy that scale seamlessly.

Impact

By adopting the aforementioned technology, the projected value involves the following:

Existing infrastructural improvements: The solution will add value to the existing Filecoin infrastructure and ecosystem by providing the various aforesaid offerings. Filecoin becomes more like a sort of a secured data lakehouse system upon which even further more complex systems could be built.

Storage Decentralization and Vendor Neutrality: Rather than having to delegate to a centralized vendor (storage provider), user data coming from disparate sources are stored on the Filecoin network, hence, eliminating reliance on centralized storage providers and encouraging Filecoin’s adoption.

Advanced Data Privacy: A blend of Fast and strong encryption protects stored data from unauthorized access, even by Filecoin network operators.

Future-Proof System: A mixture of the default decentralization and the post-quantum cryptography implemented by the system help ensure a true future-proof system against quantum attacks and breaches regarding user data.

Granular Access Control: Users define who can gain access to their data, how their data would be assessed, where their data could be assessed and when their data would be assessed through various policy enforcement strategies, permission controls and rules. In addition, they can also revoke access at any time.

Complex Cryptography and Governance Use-Cases/Scenarios: Complex Use-cases and Scenarios like encrypted search, homomorphic/malleable cryptography, location-aware access control, role-based multi-party permission provisioning and other cross-cutting concerns are implemented by the system.

Wider Adoption : Exposing the system over an array of networks and protocols, settings, configurations and possibly later over User Interfaces (desktop, web and mobile) also serves as a plus regarding flexibility, ease of use and adoption by different platforms and users.

Zero Trust Protection: In a multi-connected environment, this can add to a layer of security where security travels with data even outside the domain of the original data owner.

Cost Reduction: The cost of storage by traditional centralized providers is usually higher when compared with that of decentralized technologies. The offering of highly optimized compression algorithms implemented by the proposed system also goes a step further to reduce storage costs for individuals and organizations alike.

True Data Ownership: This combined approach not only empowers data owners (viz individuals or enterprises), but also gives them back control over their valuable data in their own way, hence, aligning with the core values of the internet of the future - a truly secured, decentralized and distributed web where, no matter their location, user data can be truly said to be SECURED AND OWNED.

Lowering the barrier of entry: By providing services such as secured data migration, backup and partitioning, the barrier of entry experienced by organizations and individuals in embracing the web-3 due to the data silos that they already have with existing centralized cloud storage providers is greatly lowered. Not only can they move to the decentralized storage, they automatically have access to all the services including security, cryptography, governance etc. offered by the proposed solution and its underlying decentralized Filecoin infrastructure.

Flexibility & Dynamism: The high penetration of the proposed system in its exposure over networks and protocols like HTTP(s)/REST on one end and possible expansions to RPC, MQTT even for IOT devices - makes the system flexible and dynamic in its adaptation and use-cases.

Outcome

Deliverables:

While there are plans to expand the system, the deliverables for the early working version are laid down below:

Stable version of the Cloud Sentinel exposing Cryptography, Standardization, Compression and Governance, Monitoring and such other concerns as previously aforementioned.

Stable RESTFUL API 
Stable gRPC API
Alternate Web-UI for Alternate Admin Panel Dashboard.
Documentations and usage guides

Success Metrics:

This project has not been implemented yet. It’s still at the architectural, planning, and envisioning stage. As such, success metrics are at best still abstract. However, both technical metrics like performance evaluation, quick throughput, lower latency, deployment and scaling metrics and non-technical metrics like community feedback, adoption rate, ubiquity and versatility, dynamism, etc. will be considered.

Adoption, Reach & Growth Strategies

Target Audience: Any individual, enterprise, and organization that deals with data - video files, documents, e-books, pictures, business designs & trade secrets, health-related reports and images, texts and numerical data, metrics, etc.

More specifically, the product application include but are not limited to: Ordinary/Everyday Users Hospitals & Healthcare Outfits Modern Data Engineering companies Machine Learning Outfits Banks & Financial Institutions Schools & Educational Institutions Entertainment Industry Governmental Organizations & Parastatals Military Storage Network Solutions Resource Constrained Infrastructures (e.g. IOT) Legal and paralegal Organizations Life Research (Bio-informatics, Genomics)

Customer Acquisition: Once sufficient milestone is reached, we first start with running a holistic targeted digital marketing campaign across relevant social media platforms. The aim is to get the words out there.

Another strategy is by reaching out personally to organizations, companies and parastatals that might be interested in such technology. Another way is through community engagements, seminars, tech events.

Reach: Basically, the service will be rendered through a subscription-based services as primarily B2B (Business to Business) via APIs, SDKs and Gum layers with existing enterprise infrastructure and also B2C(Business to Customers) through easy web and mobile apps.

In addition to that, there are plans to render a B2G (Business to Government) service in the form of government contracts and public projects in the cyber-space.

Development Roadmap

Week 1: MAJOR Project/Infrastructure setup Environment installation and Configuration of Docker, Poetry, Celery, Redis, etc. Setting up project directory structure Initializing abstract classes (interfaces), base design templates and dependencies for all layers (Server Gateway, Storage Layer, API Layer)

MINOR Planning, Strategizing & Design-Thinking on System Interactions and various Flow Considerations

Week 2 - 3: MAJOR Server Gateway Core (1) Non-Deterministic Crypto Strategy (As-)Symmetric Crypto Algos Block/Stream Crypto Algos Post-Quantum Crypto Algos Fast Compression Algos Strong Compression Algos Data Metadata & Standardization(1)

MINOR Unit/Integration testing for Server Gateway classes Beginning the RESTFUL API planning and setup

Week 4 - 6: MAJOR Server Gateway Core (2) Key Storage, Management & Rotation Authorization & Authentication Permission Provisioning Caching (1) Monitoring & Logging(1) RESTFUL API exposure (1)

MINOR Unit/Integration testing for Server Gateway classes Planning, Strategizing & Design-Thinking on Data Governance Considerations

Week 7 - 9: MAJOR Server Gateway Core (3) Data Governance Use-cases Policy Enforcement Data Metadata & Standardization(2) Format Preserving Crypto (Sensitive Metadata Masking) Caching (2) Monitoring & Logging(2) Data Provenance & Fingerprinting RESTFUL API exposure (2)

MINOR Unit/Integration testing for Server Gateway classes Planning, Strategizing & Design-Thinking on Persistence Layer Integration.

Week 10 - 12: MAJOR Persistence Layer Implementations Transactioning & STM Filecoin Storage/Retrieval interactions Dynamic Space Allocation & Query Persistence Time- & Key- Versioning and Stamping Out-of-core computing

MINOR Unit/Integration testing for Persistence Layer Classes RESTFUL API exposure (3) Planning, Strategizing & Design-Thinking on gRPC.

Week 11 - 12: MAJOR Documentation and user guide (REST) gRPC Implementation (1) Finalizing the Persistence Layer Thorough Integrations & Functional Testing of Persistence and Server Gateway Layers. System Deployment (1)

MINOR Holistic Debugging and optimization Alternate Web UI Dashboard Panel - Designing & Envisioning

Week 13 - 14: MAJOR System Deployment (2) Documentation and user guide (REST) - (2) Performance metrics gathering Documentations and user guide (gRPC) Alternate Web UI Dashboard Panel - Full Implementation & Backend connection for Admin Panel - (1)

MINOR Holistic, thorough & system-wide features and Integrations Testing

Week 15 - 16: MAJOR Alternate Web UI Dashboard - Full Implementation & Backend connection for Admin Panel - (2) Documentations and user guide (gRPC) - (2)

MINOR Enhancement thinking, Improvements envisioning, Finalization, Sign-off)

Total Budget Requested

Budget Breakdown:

Development (4 Months): $19,200 (48 hrs/week, $25/hr) Justification: Working 48 hours per week for 4 months allows for focused and efficient development.

Deployment: $900 Justifications:

Cloud Resources: ($500) Justification: Estimated cost for a CPU/IO bound virtual machine instance on a cloud platform, leverage on free tier as much as possible

CI/CD: ($200) Justification: For automated builds and deployment

Hosting/Domain Name: ($200) Justification: Cost of domain registration and general hosting for the server gateway service

Hardware: $1,400 Justifications:

1 MacBook Pro: ($1300) Justification: This budget allows for a used MacBook Pro with sufficient performance to support the one I currently have. Exploring used options helps minimize budget allocation for essential project components.

1 5G Router for Internet Connectivity: ($100) Justification: Having a standby gadget for internet access is a boost to my productivity and efficiency in getting the job done. As I live in a developing country with unstable internet access, this will boost my productivity and workflow.

Workspace Rentage: $700 Justification: Renting a dedicated workspace with constant electricity is necessary for the fast and effective completion of the project. As I live in a developing country with unsteady power supply, this will boost my productivity and work-flow.

Contingencies: $200 Justification: Unforeseen and unplanned situations and circumstances

Total Project Budget: $22,400

Maintenance and Upgrade Plans Subsequent maintenance and upgrade plans are envisioned.

UPGRADES

• Intention to add a front-end user interface for ordinary and non-technical users to suit their use-case (different from the admin UI app explicated above).

• Making the system become more intelligent and “living” like a sentinel by implementing the following:

  Anomaly Detection: Using Random Forest Machine Learning models on various standard log and monitoring data to detect unusual patterns that could strongly indicate intrusion or breach.

  Signature-Based Detection: Scanning uploaded files and comparing them against a database of known malware signatures.

  Notification/Alerting System: Notification or alerting system (either via registered emails or phone numbers) to notify stakeholders of possible breaches, perceived threats and other pre-set conditions (based on configuration or rules)

• Expansion to other Networks/Protocols/Use-cases:
  Expanding the system and its various functionalities in order to expose it over other protocols like: MQTT for IOTs, SOAP for alternate consumption, Apache Thrift/Protocol Buffers for large enterprises, or even Web-RTC for streaming use-cases.

• Enterprise Integration: Integration with popular and in-demand enterprise stacks like Elk-stack for better and even more robust monitoring, reporting, logging, visualization and performance tracking.

• Data migration, partitioning or backups unto the Filecoin network from other sources (especially centralized storage servers) via the Cloud Sentinel gateway in order to prevent vendor lock-ins especially for already existing data silos. Existing stacks like R-clone and Kafka could be leveraged.

• Homomorphic/Malleable Cryptography: In combination with other systems suited for machine learning and data science operations in and outside the Filecoin eco-system, Cloud Sentinel could be made inter-operable to secure data even at the computation layer - while still ensuring conventional secured storage on Filecoin even after computations.

• Other language libraries and SDKs: Libraries and SDKs can be written in other languages that will consume the various APIs underneath. SDKs and libraries could be implemented in such well-known languages as Java, C#, Node-JS, PHP, and others.

Note that: all the aforementioned upgrade plans are very real, broad and intense developmental efforts that will be presented in various other grant proposals to be considered after the completion and signing off on the current project scope.

MAINTENANCE Active collaboration with the community and eco-system in order to gather feedbacks, suggestions, constructive criticism, possible alternative strategies and probable evolution insights so as to keep maintaining and improving this project.

Project dependencies will be updated from time to time to account for advances in scope and technology.

Team

This is a single developer project.

Team Members

Name: Emmanuel Damilare Adediji

LinkedIn: https://www.linkedin.com/in/emmanuel-damilare-adediji

GitHub: https://github.com/emmYgd/

Relevant Experiences & Team Code Repositories I am a polyglot software engineer with 6+ years experience. While my repository (github.com/emmYgd) showcases lots of projects that I have been a part of, for the sake of this application, I will be specific on some examples:

(1) A fault-tolerant system for an IoT infrastructure written in both Java and Groovy. Role: My part was to implement the networking and encryption layer - I utilized the Java Networking API and Java Cryptography Extension(JCE). Concurrency was handled using the Groovy GPARS library.

Code Patches and Samples can be found here: https://github.com/emmYgd/IOT-centric-Server-Projects

(2) A cloud infrastructure whose core is in the similitude of a message queue. Role: My part was to implement the event-bus layer using the “subscribe-consume” model - I utilized Python’s Twisted networking and Thespian for actor-based concurrency.

Code Patches and Samples can be found here: https://github.com/emmYgd/Event-Bus

(3) An encryption and base layer components implemented as part of an academic research for some client’s freelance post-grad project on Data Governance. Role: My part was to implement the base layer core for the research project in Python. I utilized PyNaCl, PyCryptoDome and documented their Data Standards.

Code Patches and Samples can be found here: https://github.com/emmYgd/CloudGuards

In addition to that, I have participated in various projects involving different programming languages, technology stacks and frameworks. From Backend API for an e-commerce shopping project at: https://github.com/WiCartitOrg/WiCartIt-Laravel-BE to real estate app that connects house owners to prospective tenants: https://github.com/emmYgd/Rentium

From Typescript projects at peiges.co: https://github.com/peiges to various other research projects in my career.

For a more holistic capture and a broader perspective into my professional background, career trajectory exegesis and projects done, you could visit and read through my LinkedIn profile at: https://linkedin.com/in/emmanuel-damilare-adediji

Additional Information: Some development feature concerns are cross-cutting and may involve going back and forth in an overlapping manner…

Other measures to ensure speed, quality and effectiveness:

• A hybrid of both Defensive Programming (Exception Handling) and DBC (Design By Contract) practices coupled with aforesaid unit-testing will be used to detect bugs quickly & early, while not sacrificing on quality and effective development moving forward.

• SOLID, DRY and other software engineering principles will be strictly adhered to.

• DI/IOC, Python’s Poetry & Docker container will be utilized to streamline and manage cross-dependencies, pre-requisites and complex operational requirements at the code, system and infrastructure levels respectively.

Coupled with the aforementioned, listed below are strategies that will help in further giving me development speed gains:

• I will be using a robust language suited for rapid prototyping, gluing systems together, data security, processing and compute (Python)

• I will not be re-inventing the wheel often as my solution will consist of utilizing and re-using well established open-source Python libraries, frameworks, toolsets (e.g. Celery for Async Queue, Thespian for Actor-based concurrency, PyNacl and PyCryptoDome for encryption, Dogpile for Cache, Cosmian KMS for key management, Dask for out-of-core computing, GitPython for versioning/stamping etc.), standards ( e.g. Dublin Core, ISO ) and file formats (e.g. H5)

• Existing and alternative libraries and APIs will be explored and analyzed to select the best for Filecoin storage network connectivity and interactivity.

• Agile development through horizontal cross-development and quick Unit Testing.

[ErinOCon]

Hi @emmYgd, Thank you for your time with this proposal and for your patience with our review. Unfortunately, we will not be moving forward with a grant at this time. To contact our team with inquiries regarding our review or grants program, please send an email to grants@fil.org.

Wishing you the best with your future projects!