European Trusted Cloud Ecosystem

HIGH IMPACT INITIATIVE

The goal of the European Trusted Cloud Ecosystem High Impact Initiative (HII) is to provide consumers and businesses with better tools and services to take greater control over the use of sensitive and personal data created by, about and for them. At the same time, this data enables and stimulates business growth: companies within the trusted service ecosystem, accelerated by the HII, are developing innovative and trusted products and services which can be tailored to and personalized for the specific needs of individuals and businesses.

CoCo Cloud

Confidential and Compliant Clouds

Coco Cloud aims to allow cloud users to share their data in the cloud securely and privately. This will increase users' trust in cloud services and thus their widespread adoption, with consequent benefits for users and for the digital economy in general. Coco Cloud will facilitate the writing, understanding, analysis, management, enforcement and dissolution of data sharing agreements, going from high level descriptions (close to natural language) to system enforceable data usage policies, and it will consider the most appropriate enforcing mechanisms depending on the underlying infrastructure and context for enforcing data usage policies. Coco Cloud will also address key challenges for legally compliant data sharing in the cloud. By taking a “compliance by design” approach, the project places an early emphasis on understanding and incorporating legal and regulatory requirements into the data sharing agreements.

NESSOS

Network of Excellence on Engineering Secure Future Internet Software Services and Systems

The Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long-lasting research community on engineering secure software-based services and systems. The NESSoS engineering of secure software services is based on the principle of addressing security concerns from the very beginning in system analysis and design, thus helping to reduce the number of system and service vulnerabilities and enabling the systematic treatment of security needs through the engineering process. In light of the unique security requirements the Future Internet will expose, new results will be achieved by means of integrated research, so as to improve the necessary assurance level and to address risk and cost during the software development cycle in order to prioritize and manage investments. NESSoS will integrate the research labs involved; NESSoS will re-address, integrate, harmonize and foster the research activities in the necessary areas, and will increase and spread the research excellence. NESSoS will also impact training and education activities in Europe to grow a new generation of skilled researchers and practitioners in the area. NESSoS will collaborate with industrial stakeholders to improve the industry best practices and support a rapid growth of software-based service systems in the Future Internet. The research excellence of NESSoS will contribute to increasing the trustworthiness of the Future Internet by improving the overall security of software services and systems. This will support European competitiveness in this vital area.

CONTRAIL

Open Computing Infrastructures for Elastic Services

FP7-ICT-2009-5 Integrated project proposal CONTRAIL

In the future of corporate IT, companies will rely on highly dynamic distributed IT infrastructures. Federation models are envisioned where a given organisation will be both a Cloud provider during periods when its IT infrastructure is not used at its maximal capacity, and a Cloud customer in periods of peak activity. The main contribution of CONTRAIL will be the development of an integrated approach to virtualization, offering Infrastructure as a Service (IaaS), services for federating IaaS Clouds, and Platform as a Service (PaaS) on top of federated Clouds. This service stack will be part of the CONTRAIL open source system, facilitating industrial up-take of Cloud computing. The main outputs of CONTRAIL are a collection of infrastructure services offering network, computation and storage as a service; services to federate IaaS Clouds; a set of high-level services and runtime environments for typical Cloud applications, including efficient map/reduce, scalable service-oriented application hosting, and automatic workflow execution; and a set of applications and use cases from the domains of e-business, e-science, telecommunication and media using and demonstrating the CONTRAIL system. CONTRAIL leverages the open source XtreemOS system, developed in the successful XtreemOS European integrated project and which was designed for large scale dynamic infrastructures. XtreemOS integrates services for data, application, security and community management that can be adapted to provide a unified solution for building private, public and federated Cloud infrastructures. CONTRAIL has core virtualization technology integrated with its high-level services and its Cloud management facilities. This unique approach of covering "the whole Cloud", from the core infrastructure, via federation mechanisms, to management services, enables the construction of transparent, trusted and reliable Cloud platforms with operations governed by service level agreements.

GRIDTRUST

Security and Trust for GRID systems

The GridTrust project is addressing the following objective of the 2005-2006 Work Programme - Call 5: "2.5.4 Advanced Grid Technologies, System and Services". GridTrust is focusing on Grid Foundations: Architecture, design and development of technologies and systems for building the invisible Grid. The overall objective of the GridTrust project is to develop the technology to manage trust and security for the Next Generation Grids (NGG). We propose to have a vertical approach tackling issues of trust, security and privacy (TSP) from the requirement level down to the application, middleware and foundation levels. Our emphasis is on models and tools to assist in reasoning about trust and security properties along the NGG architecture. The GridTrust consortium involves a large industrial partner (HP European Innovation Center), end users (De Agostini), SMEs (Moviquity, Interplay) and European research groups covering the areas of requirement engineering, grid technology and security among others (CETIC, CCLRC, CNR, VUA). Moviquity, HP and Interplay are providing important test cases to validate the GridTrust framework, including innovative applications such as "inter-enterprise knowledge management" and "distributed authoring". Moviquity and De Agostini are committed to implementation and exploitation of the results of the projects.

S3MS

Security of Software and Services for Mobile Systems

The objective of S3MS is to create a framework and a technological solution for trusted deployment and execution of communicating mobile applications in heterogeneous environments. S3MS would enable the opening of the software market of nomadic devices (from smart phones to PDAs) to trusted third party applications beyond the sandbox model, without the burden of roaming trust infrastructure but without compromising security and privacy requirements. A contract-based security mechanism will lie at the core of the framework. The new paradigm will not replace, but enhance, today's security mechanism, and will provide a flexible, simple and scalable security and privacy protection mechanism for future mobile systems. It will allow a network operator and a user to decide what an application is allowed to do, prevent bad code from running, and allow good code to be easily designed and deployed. The new paradigm of security-by-contract affects the entire life cycle of mobile applications and services: contracts must be accommodated in high level design of security and privacy requirements of applications and mobile platforms, programming languages for the formulation of contracts must be developed, compilers must be modified to produce executable contracts for a piece of software, loaders must be aware of the static contract information that can be checked at load time, and runtime systems must be equipped with the mechanisms needed to ensure that the contracts are fulfilled during execution.