The Context
Cloud technology offers a powerful approach to the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose.
The Problem
Despite its appeal from a cost perspective, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. Such concerns arise from the difficulty to guarantee security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility of the security of their services once the services are uploaded and offered through a cloud. Also, cloud suppliers have historically refrained from accepting liability for security leak. This reluctance stems from the fact that the provision and security of a cloud service is sensitive to changes due to cloud operation, as well as to potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack. Still many cloud users, including institutional ones, would like to rely on cloud-based services they use to exhibit certified security properties.
The Project Goal
CUMULUS will address these limitations by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in cloud. CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever-changing cloud environment.