TClouds linked/related FP7 projects

a4cloud logo

Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. A4Cloud will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud. A4Cloud solutions will support service providers in preventing breaches of trust by using audited policy enforcement techniques, assessing the potential impact of policy violations, detecting violations, managing incidents and obtaining redress. A4Cloud aims to improve the acceptability of cloud-based infrastructures where critical data is perceived to be at risk. It will develop techniques for improved trustworthiness of cloud ecosystems as prerequisite for accountability. Therefore it will create policies and tools that enforce responsibilities while striking a balance between transparency and privacy, and determine issues and constraints for regulators, corporate and institutional service providers, users, and their end-users. A4Cloud will have a lasting impact on the competitiveness of the European ICT sector by addressing major perceived barriers to trustworthy cloud-based services. These include concerns about complexity and enforceability of legal, regulatory and contractual provisions, socio-economic and corporate constraints, issues of trust for service-users such as risk-mitigation, privacy, confidentiality and transparency, and operational challenges such as interoperability and enforcing and monitoring compliance.

aniketos logo

The Future Internet will provide an environment in which a diverse range of services are offered by a diverse range of suppliers, and users are likely to unknowingly invoke underlying services in a dynamic and ad hoc manner. Moving from today s static services, we will see service consumers that transparently mix and match service components depending on service availability, quality, price and security attributes. Thus, the applications end users see may be composed of multiple services from many different providers, and the end user may have little in the way of guarantee that a particular service or service supplier will actually offer the security claimed. ANIKETOS will help establish and maintain trustworthiness and secure behaviour in a constantly changing service environment. The project will align existing and develop new technology, methods, tools and security services that support the design-time creation and run-time dynamic behaviour of composite services, addressing service developers, service providers and service end users. ANIKETOS will provide methods for analysing, solving, and sharing information on how new threats and vulnerabilities can be mitigated. A platform will be constructed for creating and maintaining secure and trusted composite services. Specifications, best practices, standards and certification work related to security and trust of composite services will be promoted for inclusion in European reference architectures. Our approach to achieving trustworthiness and security of adaptive services will take account of socio-technical aspects as well as basic technical issues.

assert4soa logo

The term "certification" has several different meanings in ICT. Software practitioners can earn a certificate for expertise in a certain hardware or software technology. The maturity of crucial IT processes, such as software development, can be and is often certified. Even individual software systems can be certified as having particular non-functional properties, including safety, security or privacy. However, the latter type of certification (e.g. Common Criteria) has had only a limited use to this day. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, due to greater adoption of Service-Oriented Architectures (SOAs) and the wider spread of the deployment of Software-as-a-Service (SaaS). These trends point to large-scale, heterogeneous ICT infrastructures hosting applications that are dynamically built from loosely-coupled, well-separated services, where key non-functional properties like security, privacy, and reliability will be of increased and critical importance. In such scenarios, certifying software properties will be crucial. Current certification schemes, however, are either insufficient in addressing the needs of such scenarios or not applicable at all and thus, they cannot be used to support and automate run-time security assessment. As a result, today’s certification schemes simply do not provide, from an end-user perspective, a reliable way to assess the trustworthiness of a composite applications in the context where (and at the time when) it will be actually executed. ASSERT4SOA will fill this gap by producing novel techniques and tools – fully integrated within the SOA lifecycle – for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.

cirrus logo

Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS) aims to bring together representatives of industry organizations, law enforcement agencies, cloud services providers, standard and certification services organizations, cloud consumers, auditors, data protection authorities, policy makers, software component industry etc. with perse interests in security and privacy issues in cloud computing. Different stakeholders have different expectations, views or requirements related to cloud computing. Users are worried about data portability or cloud interoperability, to ensure privacy and security when migrating their data from one cloud to another. Concerns about security in the cloud can prevent certain users, such as critical infrastructure operators, from moving their data to the cloud. Challenges coming from national legislations and cross-country agreements need to be faced by data law enforcement agencies, whilst compliance, auditing and certification are important for ICT service providers when dealing with their cloud related business. Loss of control, confidentiality, auditing and compliance implications are main concerns for Chief Information Officers. CIRRUS Consortium and Advisory Board are bringing representatives of these stakeholders together. It has an excellent balance of academic, private and public partners that enable balancing of their needs and views while maintaining the vision and high-level objectives such as bringing research project results to the market or improving trust in cyberspace. CIRRUS clouds are among the highest altitude clouds in troposphere: CIRRUS project also aims to provide “high-level, high-impact” support and coordination for European ICT security research projects. Project activities target joint standardization, certification schemes, link research projects with EU policy and strategy, internationalization, as well as industry best practices and public private cooperation initiatives.

CloudScale logo

Current cloud platforms provide limited support for customers in designing scalable and cost efficient applications. In particular, they do not support analysing how an application will scale with a growing number of users and how this will affect operation costs. CloudScale will provide an engineering approach for building scalable cloud applications and services. CloudScale will support Software as a Service (SaaS) and Platform as a Service (PaaS) providers (a) to design their software for scalability and (b) to swiftly identify and gradually solve scalability problems in existing applications. CloudScale will enable the modelling of design alternatives and the analysis of their effect on scalability and cost. Best practices for scalability will further guide the design process. Additionally, CloudScale will provide tools and methods that detect scalability problems by analysing code. Based on the detected problems, CloudScale will offer guidance on the resolution of scalability problems. It answers the ICT Work Programme's call for achieving massive scalability for software-based services. The planned validation of project results involves two complementary use cases in the SaaS and the PaaS domain. CloudScale will leverage European application expertise into the domain of competitive cloud application offerings, both at the SaaS and PaaS level. The engineering approach for scalable applications and services will enable small and medium enterprises as well as large players to fully benefit from the cloud paradigm by building scalable and cost-efficient applications and services based on state-of-the-art cloud technology. Furthermore, the engineering approach reduces risks as well as costs for companies newly entering the cloud market. A tight, focused consortium with strong industrial partners, solid expertise in the domain and a proven track record from working together in earlier projects will invest a total of 386 PMs over 36 months.


cloudspaces logo

In the following years, users will access their data from a variety of devices, operating systems and applications. The CloudSpaces project advocates for a paradigm shift from application-centric to person-centric models where users will retake the control of their information. CloudSpaces aims to create the next generation of open Personal Clouds using three main building blocks: CloudSpaces Share, CloudSpaces Storage and CloudSpaces Services. CloudSpaces Share will deal with Interoperability and privacy issues. The infrastructure must ensure privacy-aware data sharing from other Personal Clouds. It must overcome existing vendor lock-in risks thanks to open APIs, metadata standards, personal data ontologies, and portability guarantees. CloudSpaces Storage takes care of scalable data management of heterogeneous storage resources. In particular, users retaking control of their information means that users can decide where their data is stored and how applications and users can access their information. This new scenario clearly requires novel adaptive replication and synchronization schemes dealing with aspects like load, failures, network heterogeneity and desired consistency levels. Finally, CloudSpaces Services provides a high level service infrastructure for third-party applications that can benefit from the Personal Cloud model. Our novel application model will offer data management (3S: Store, Sync, Share), data-application interfaces, and a persistence service to heterogeneous applications with different degrees of consistency and synchronization. The project results will be validated thanks to contributions to three main open source projects: Ubuntu One Personal Cloud, OpenStack Swift Cloud storage solution, and eyeOS Personal Web Desktop. We will leverage the massive communities of these projects to disseminate CloudSpaces achievements.

Fact Sheet: Download

cumulus logo

Cloud technology offers a powerful approach to the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose. Despite its appeal from a cost perspective, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. Such concerns arise from the difficulty to guarantee security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility of the security of their services once the services are uploaded and offered through a cloud. Also, cloud suppliers have historically refrained from accepting liability for security leak.. This reluctance stems from the fact that the provision and security of a cloud service is sensitive to changes due to cloud operation, as well as to potential interference between the features and behaviour of all the inter-dependent services in all layers of the cloud stack. Still many cloud users, including institutional ones, would like to rely on cloud-based services they use to exhibit certified security properties.
CUMULUS will address these limitations by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in cloud. CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever-changing cloud environment. CUMULUS will rely on multiple types of evidence regarding security, including service testing and monitoring data and trusted computing proofs, and based on models for hybrid, incremental and multi-layer security certification. Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols, representation schemes etc.) regarding the provision of information for the assessment of security in clouds. To ensure large-scale industrial applicability, the CUMULUS framework will be evaluated in reference to cloud application scenarios in some key industrial domains, namely Smart Cities and eHealth services and applications.


fi-ware logo

The goal of the FI-WARE project is to advance the global competitiveness of the EU economy by introducing an innovative infrastructure for cost-effective creation and delivery of services, providing high QoS and security guarantees. FI-WARE is designed to meet the demands of key market stakeholders across many different sectors, e.g., healthcare, telecommunications, and environmental services. FI-WARE unites major European industrial actors. The key deliverables of FI-WARE will be an open architecture and a reference implementation of a novel service infrastructure, building upon generic and reusable building blocks developed in earlier research projects. We will demonstrate how this infrastructure supports emerging Future Internet (FI) services in multiple Usage Areas, and will exhibit significant and quantifiable improvements in the productivity, reliability and cost of service development and delivery building a true foundation for the Future Internet. From an architectural perspective, FI-WARE is based on the following main foundations: Service Delivery Framework the infrastructure to create, publish, manage and consume FI services across their life cycle, addressing all technical and business aspects. Cloud Hosting the fundamental layer which provides the computation, storage and network resources, upon which services are provisioned and managed. Support Services the facilities for effective accessing, processing, and analyzing massive streams of data, and semantically classifying them into valuable knowledge. IoT Enablement the bridge whereby FI services interface and leverage the ubiquity of heterogeneous, resource-constrained devices in the Internet of Things. Interface to Networks open interfaces to networks and devices, providing the connectivity needs of services delivered across the platform. Security the mechanisms which ensure that the delivery and usage of services is trustworthy and meets security and privacy requirements.

massif logo

The main objective of MASSIF is to achieve a significant advance in the area of Security Information and Event Management (SIEM). On the base of proper multi-level event correlation MASSIF will provide innovation techniques in order to enable the detection of upcoming security threats and trigger remediation actions even before the occurrence of possible security incidences. Thus, MASSIF will develop a new generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts (Fraunhofer), architecture for dependable and resilient collection of service events (Uni. Lisboa), supported by an extremely scalable and high performance event collection and processing framework (UPM), in the context of service-level attack models (SPIIRAS). Four industrial domains serve as a source for requirements and to validate and demonstrate project results: (i) Olympic Games IT infrastructure deployed and managed by Atos Origin; (ii) France Telecom scenario on "Mobile phone based money transfer service" facing security events, especially for the "non-IT" and "service" events; (iii) T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises; and (iv) Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam).

MCN logo

MobileCloud is Mobile Network + Decentralized Computing + Smart Storage offered as One Service - On-Demand, Elastic and Pay-As-You-Go.
The top-level objectives of the MobileCloud project are a) to develop a novel mobile "network" architecture and technologies, using proof-of-concept prototypes, to lead the way from current mobile networks to a fully cloud-based mobile communication system, b) to extend cloud computing to support on-demand and elastic provisioning of novel mobile services.
MobileCloud will investigate, implement, and evaluate the technological foundations for that system to meet realtime performance, and support efficient and elastic use and sharing of radio access and mobile core network resources between operators. Mobile network functionalities - such as baseband unit processing, mobility management and QoS control - will run on the enhanced mobile cloud platform leveraging commodity hardware, which requires extensions towards higher decentralization and enhancing them to elastically scale up and down based on load.
The end-to-end control and management orchestrates infrastructure and services across several technological domains: wireless, mobile core and data centres, providing guaranteed end-to-end SLAs and AAA as well as service mobility through the Follow-Me Cloud concept.
Besides the technological aspects, MobileCloud will identify and evaluate overarching novel business models that support the exploitation of the mobile cloud in various multi-stakeholder scenarios. The MobileCloud architecture will be evaluated in realistic scenarios and with a set of concrete use-cases, based on applications such as mobile cloud enabled digital signage. The evaluation will be done from diverse viewpoints, exploiting the well-balanced and representative consortium including leading industry from the telecommunication as well as the cloud computing segments.

Posecco logo

PoSecCo's vision is to establish and maintain a consistent, transparent, sustainable and traceable link between high-level, business-driven security and compliance requirements on one side and low-level technical configuration settings of individual services on the other side.
Such an end-to-end link shall be maintained in operating conditions, i.e. considering constant evolution that result in changes of two kinds:

  • New or changing security and compliance requirements as a result of, for instance, new business service offerings, new customers or suppliers, changing security needs of existing customers or new legal regulations and security standards.

  • Landscape changes as a result of, for instance, ordinary administration tasks that change configuration settings or changes of application and infrastructure services in the course of purchase, in- or outsourcing decisions

PoSecCo maintains this end-to-end link by automated means where possible and offers decision support where human interaction is inevitable. To deal with these two kinds of changes, PoSecCo simultaneously thrives for a top-down, policy-driven approach and a bottom-up, landscape-driven approach:
First, the top-down approach takes as input the various laws, regulations, best practices and standards for security and compliance, captures them by policies that are more detailed, prose descriptions of security and compliance objectives and translates them into IT policies which relate the high-level requirements to the actual IT landscape and infrastructure.
Second, the bottom-up approach builds on top of common Change and Configuration Management (CCM) and Audit software, whose industry adoption is steadily growing [Forr07] and which, by our assumption, offers a common configuration interface for the various application and infrastructure services that compose FI applications - herewith extending the service-oriented architecture (SOA) concept of services being selfcontained components with defined business interfaces towards defined configuration interfaces on the basis of, for instance, the OASIS Web Services Resource Framework [OASIS06].


The TRESCCA project - TRustworthy Embedded Systems for Secure Cloud Computing Applications aims to lay the foundations of a secure and trustable cloud platform by ensuring strong logical and physical security on the edge devices, using both hardware security and virtualization techniques while considering the whole cloud architecture. The project will propose and demonstrate hardware/software solutions allowing stakeholders to delegate the processing of their sensitive data to a remote processing engine opening up whole new field of cloud services and applications. The approach avoids undesirable paradigm shifts, both in the software and in the hardware by complementing existing legacy solutions by non-intrusive add-ons. Security is a main concern but cost, performance and acceptability will also be considered as key metrics. In order to promote the solutions and to challenge them against security experts, openness will be an important characteristic of the project: as much as possible of the project's outcomes will be public and released under free software licenses.