Newsletter Subscription

Related Projects


Confidential and Compliant Cloud project aims at allowing the cloud users to securely and privately share their data in the cloud. This will increase the trust of users in the cloud services and thus increase their widespread adoption with consequent benefits for the users and in general for digital economy.

The Cloud Accountability Project (or A4Cloud for short) focuses on the Accountability For Cloud and Other Future Internet Services as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. 


ASSERT4SOA aims at supporting new certification scenarios, where the security certification of services is required and plays a major role. It produces novel techniques, tools, and an architecture for expressing, assessing, and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.


CEU FP7 CIRRUS focuses on the design, definition, and development of solutions increasing security and privacy in the clouds. It aims at addressing the need of security and privacy of industry organization representatives, law enforcement agencies, cloud services providers, standard and certification services organizations, cloud consumers, auditors, data protection authorities, policy makers, software component industry.

Coco Cloud

Coco Cloud aims at allowing the cloud users to securely and privately share their data in the cloud. This will increase the trust of users in the cloud services and thus increase their widespread adoption with consequent benefits for the users and in general for digital economy.


The mission of PRACTICE is to design cloud computing technologies that allow computations in the cloud thus enabling new business processes while keeping the used data secret. Unlike today – where insiders can access sensitive data – PRACTICE will prevent cloud providers and other unauthorized parties from obtaining secret or sensitive information.


PoSecCo considers the need of security compliance and automatic security configuration of services. It starts from high-level security requirements and matches them to low-level product-independent security configurations, which in turn are translated in the actual system syntax, format, and requirements. 


SECCRIT project aims to analyse and evaluate cloud computing technologies with respect to security risks in sensitive environments, and to develop methodologies, technologies, and best practices for creating a secure, trustworthy, and high assurance cloud computing environment for critical infrastructure IT.


SecFutur has developed and established a security engineering process for embedded systems. In order to achieve this overall goal SecFutur has provided a set of implemented resource-efficient security building blocks for embedded systems, each addressing a specific complex non-functional requirement, and a security engineering framework that supports the developer in integrating these building blocks into the overall engineering process.


SPECS project aims at developing and implementing an open source framework to offer Security-as-a-Service, by relying on the notion of security parameters specified in Service Level Agreements (SLA), and also providing the techniques to systematically manage their life-cycle. The SPECS framework will provide techniques and tools for: (i) Enabling a user-centric negotiation of security parameters in Cloud SLA, along with a trade-off evaluation process among users and CSPs, in order to compose and use Cloud services fulfilling a minimum required security level (termed QoSec or Quality of Security in SPECS). (ii) Monitoring in real-time the fulfillment of SLAs agreed with one or more CSP. SPECS’ monitoring services also enable notifying both users and CSPs, when a SLAs not being fulfilled (e.g., due to a cyber-attack); (iii)Enforcing agreed Cloud SLA in order to keep a sustained QoSec that fulfills the specified security parameters. SPECS’ enforcement framework will also “react and adapt” in real-time to fluctuations in the QoSec by advising/applying the correct countermeasures (e.g., triggering a two-factor authentication mechanism).


EU FP7 project to build a prototype Internet scale ICT infrastructure which allows virtualized computing, network, and storage resources over the Internet through implementing security enhancement on top of commodity infrastructure clouds.


The TRESCCA project aims to lay the foundations of a secure and trustable cloud platform by ensuring strong logical and physical security on the edge devices, using both hardware security and virtualization techniques while considering the whole cloud architecture. The project will propose and demonstrate hardware/software solutions allowing stakeholders to delegate the processing of their sensitive data to a remote processing engine. Security is a main concern, but cost, performance and acceptability will also considered as key metrics.


CloudOpting aims to deliver a set of tools that will allow local authorities and public administrations to share their services with citizens and third-parties, and migrate existing IT systems on the cloud. This will allow for the reduction of related investment and expenses as a result of an aggregate demand and the measurement and control of costs. CloudOpting intends to enhance the adoption of cloud platforms by stimulating a change of practice in public authorities and thus enable efficient and transparent services as well as new market applications to private companies and citizens.

The framework will be tested in pre-commercial pilots deployed and experimented in four European regions and cities – Barcelona (Spain), Piedmont (Italy), Corby (UK, and Sant Feliu (Spain). The results and conclusions related to these experiments will contribute to establishing common strategies, methodologies, standards and innovative cloud-based services through an open platform.