SeCloud addresses security challenges in cloud computing environments

Confidentiality and integrity of data is paramount to applications that are hosted in the cloud and to applications that interact with other cloud services. The SeCloud project investigates a security-first and holistic approach to engineering of cloud-based applications. 

The research initiative SeCloud brings together experts from the Brussels research community to work on industrially relevant solutions to security challenges in cloud computing environments, enabling security-driven engineering of cloud-based applications. To this end, Sirris and the research groups from Erasmus, UCLouvain, ULB and VUB cover security from the complementary perspectives of secure architecture (e.g. patterns), secure infrastructure (e.g. encryption), secure programming technology (e.g. vulnerability checking) and secure processes (e.g. requirements engineering and legal aspects). 

Perspectives 

Each perspective seeks answers to relevant questions in the domain of cloud-based applications: 

The architectural perspective of the project focuses on typical architectural aspects of cloud-based applications, while identifying potential security risks: 

  • How to design secure cloud-based applications from the ground up, using security-aware cloud architectural patterns?
  • How to design secure API-based cloud services?
  • How to define, deliver and compose data-as-a-service applications, while mitigating the associated security risks? 

The infrastructural perspective investigates fundamental security services and their application in cloud computing: 

  • How to leverage the distributed nature of cloud-based applications to increase security?
  • How to deal with security issues arising in a multi-party environment with limited trust?
  • How to overcome security limits of simple password-based identity schemes? 

The programming perspective deals with programming technology applicable by software developers in cloud computing environments: 

  • How to enforce security policies by programming language extensions?
  • How to check the code for security issues during run-time and compile time?
  • Can the Cloud-based applications be secured by employing machine learning of vulnerability and interaction models? 

The process perspective aims at assisting overcoming the legal and business barriers in adopting cloud-based applications: 

  • How to translate legal requirements into security requirements for the cloud-based applications?
  • How to deal with the arising contractual and multi-party liability issues in cloud-based applications?
  • What are the good business practices to maintain compliance? 

On 9 March, the SeCloud project partners will hold a brokerage event. During this event you will receive more practical information on the topic of security challenges in cloud computing environments. Further information can be found on our agenda. 

The SeCloud project is fully supported by: