The aim of the project is the research and development of a secure platform for Cloud Computing (SECloud) applications in APaaS (Application Platform as a Service) mode. This platform will be exportable as a model of technology, proceedings, design and tool integration, and will cover risks regarding information security and infrastructure.
This project was sponsored by the Spanish Department of Industry, Tourism and Commerce within the National Plan for Scientific Research, Development and Technological Innovation 2008-2011.
One of the key factors to achieve the expansion of Cloud Computing is assuring the security of information and data in an environment that is not that of the enterprise, and developing trust platforms, capable of guaranteeing security, integrity and exploitation of the information at no risk.
SECloud platform will suggest solutions for the main security risks perceived by potential customers as a restraint for the adoption of Cloud Computing to host their IT systems.
- Capacity to secure the environment
- Capacity to secure the isolation of the environment
- Capacity to secure the availability based on geographic dispersion of services
- Capacity to provide high availability to services (nearly 100%)
- Capacity to manage threats
- Data integrity and authenticity: data immutability will be ensured under any circumstances to prevent fraudulent manipulation and ensure the value of information.
- Access and identity management: access to information will be regulated for each user profile, not only at document level, but also for specific data. This means there will be a definition of information access permissions that the system will have to manage, displaying only the specified contents.
- Data anonymization: the anonymization of certain pre-specified data will allow the exploitation of information without being exposed to the risk of confidential information disclosure, while preserving the value of information. For the development of the SECloud platform, we are studying Domains of the CSA Standard: Security in Cloud Computing. The initiative CSA2 has been established as the methodological starting point and reference framework for this work.
- Development of a technological and procedure model for secure platforms in APaaS environments.
- Development of capacities to guarantee the isolation of the environment, and availability based on geographic dispersion of services.
- Model of capacity to manage threats.
At the moment, February 2012, phase of development of prototype.
- Kinamik Data Integrity
- CETaqua Centro Tecnológico del Agua
- BDigital Barcelona Digital Technology Centre
- Universitat Rovira i Virgili. Departament d’Enginyeria Informàtica i Matemàtiques