Summary
Acronym : SPE
Funder : INNOVIRIS (Brussels Region)
Start : 2015
End : 2018
Academic coordinator : Olivier Markowitch
Abstract
Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data) are provided to computers and other devices as utilities over a network. The services themselves are referred as Cloud services. Applications that use these cloud services by means of APIs are referred to as Cloud-based applications. Cloud-based applications are designed in a distributed and multi-party environment: they consume a multitude of third-party Cloud services and rely on infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature of cloud-based applications requires particular care with respect to security; the authentication and authorisation of users, as well as the confidentiality and integrity of their data.
Although several technologies and solutions are now emerging both in academia and in the industry, they only address parts of the security problems for Cloud-based applications. As a result, Cloud-based application providers are faced with difficulties when linking and bundling them into a workable security solution for their specific context.
Security of Cloud-based applications requires a holistic and proactive approach. The approach lies in good knowledge of security risks specific to Cloud-based applications. This knowledge must be built upon different aspects of the security problems; not only technical aspects but also organizational and societal ones.
The overall goal is to research whether it is feasible to address the above needs by:
- Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies and techniques that will allow the software industry to proactively think about security in their Cloud-based applications whether SaaS or Mobile. The four considered perspectives are architecture, infrastructure, programming and process.
- Conceiving a dedicated security risk management model targeted towards Cloud-based application builders (e.g., risk evaluation, mitigation responses to critical risks, vulnerabilities and threats).
- Involving the industry as validator of the two above goals through a dedicated industrial platform. The platform consists of different deliverables with objectives ranging from awareness creation up to adoption of the project results in 2 industrial target groups: software companies and technology providers and consultancies.
The SeCloud consortium consists of 11 multi-disciplinary partners. All partners have strong references as regards their scientific contribution to one perspective, and they will all contribute to realize the common goals in this project (risk management and industrial platform).