Related EC initiatives

Cloud Accountability Project (A4CLOUD)

A4CloudThe Cloud Accountability Project (or A4Cloud for short) focuses on the Accountability For Cloud and Other Future Internet Services as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. The research being conducted in the project will increase trust in cloud computing by devising methods and tools, through which cloud stakeholders can be made accountable for the privacy and confidentiality of information held in the cloud. These methods and tools will combine risk analysis, policy enforcement, monitoring and compliance auditing. They will contribute to the governance of cloud activities, providing transparency and assisting legal, regulatory and socio-economic policy enforcement.

Start: October 2012
April 2016
Project’s webpage:


CIRRUS (Certification, InteRnationalisation and standaRdization in cloUd Security)

CIRRUSCertification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS) aims to bring together representatives of industry organizations, law enforcement agencies, cloud services providers, standard and certification services organizations, cloud consumers, auditors, data protection authorities, policy makers, software component industry etc. with perse interests in security and privacy issues in cloud computing.CIRRUS clouds are among the highest altitude clouds in troposphere: CIRRUS project also aims to provide “high-level, high-impact” support and coordination for European ICT security research projects. Project activities target joint standardization, certification schemes, link research projects with EU policy and strategy, internationalization, as well as industry best practices and public private cooperation initiatives.

Start: October 2012
End:  December 2014
Project’s webpage:


CLARUS (A Framework for User Centred Privacy and Security in the Cloud)

ClaruslogoTrust is essential to wider uptake of cloud services but it can only come from solid mechanisms that ensure greater control over the security and privacy of the user’s data. Confidentiality and privacy are still major concerns when it comes to moving to the cloud. Many organisations are also reluctant to outsource sensitive data due to lack of control over its storage and management. What’s more, it is also increasingly important to protect business assets from vulnerabilities or attacks and ensure that applications continue to operate and provide a good level of service even during an attack.

CLARUS is all about improving trust in cloud computing and securely unlocking sensitive data to enable new and better cloud services. CLARUS is developing a secure framework for storing and processing data outsourced to the cloud so end-users can monitor, audit and control their stored data while gaining the cost-saving benefits and capacity that cloud services bring.

CLARUS is paving the way towards more transparent, standardised, auditable and controllable cloud services, benefiting both consumers and providers of cloud services.

Start: January 2015
End:  December 2017
Project’s webpage:


COCO CLOUD (Confidential and compliant clouds)

logoCoco Cloud aims at allowing the cloud users to securely and privately share their data in the cloud. This will increase the trust of users in the cloud services and thus increase their widespread adoption with consequent benefits for the users and in general for digital economy.

The project aims at creating an efficient and flexible framework for secure data management from the client to the cloud, and vice-versa. In particular three dimensions to this goal are considered:

  • to facilitate the writing, understanding, analysis, management, enforcement and dissolution of data sharing agreements; going from high level descriptions (close to natural language) to system enforceable data usage policies;
  • to consider the most appropriate enforcing mechanisms depending on the underlying infrastructure and context for enforcing data usage policies;
  • to address key challenges for legally compliant data sharing in the cloud. By taking a “compliance by design” approach, the project places an early emphasis on understanding and incorporating legal and regulatory requirements into the data sharing agreements.
Start: November 2013
End:  November 2016
Project’s webpage:


CUMULUS (Certification infrastrUcture for MUlti-Layer cloUd Services)


Despite its appeal from a cost perspective, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it.
Such concerns arise from the difficulty to guarantee security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility of the security of their services once the services are uploaded and offered through a cloud. Also, cloud suppliers have historically refrained from accepting liability for security leaks. This reluctance stems from the fact that the provision and security of a cloud service is sensitive to changes due to cloud operation, as well as to potential interference between the features and behavior of all the interdependent services in all layers of the cloud stack.
CUMULUS (Certification infrastrUcture for MUlti-Layer CloUd Services) will address these limitations by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in cloud. CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever changing cloud environment.

Start: October 2012
End:  September 2015
Project’s webpage:


MUSA-MUlti-cloud Secure Applications

cropped-MUSA-logo-square1-2The main objective of MUSA, MUlti-cloud Secure Applications,  is to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources, through a security framework that includes:

a) security-by-design mechanisms to allow application self-protection at runtime, and

b) methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications.

The MUSA framework leverages security-by-design, agile and DevOps approaches in multi-cloud applications, and enables the security-aware development and operation of multi-cloud applications.

Start: January 2015
December 2017
Project’s webpage:


NESSOS-Network of Excellence on Engineering Secure Future Internet Software Services and Systems

nessosThe Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS) aims at constituting and integrating a long lasting research community on engineering secure software-based services and systems.
The NESSoS engineering of secure software services is based on the principle of addressing security concerns from the very beginning in system analysis and design, thus contributing to reduce the amount of system and service vulnerabilities and enabling the systematic treatment of security needs through the engineering process. In light of the unique security requirements the Future Internet will expose, new results will be achieved by means of an integrated research, as to improve the necessary assurance level and to address risk and cost during the software development cycle in order to prioritize and manage investments. NESSoS will integrate the research labs involved; NESSoS will re-address, integrate, harmonize and foster the research activities in the necessary areas, and will increase and spread the research excellence. NESSoS will also impact training and education activities in Europe to grow a new generation of skilled researchers and practitioners in the area. NESSoS will collaborate with industrial stakeholders to improve the industry best practices and support a rapid growth of software-based service systems in the Future Internet.

The research excellence of NESSoS will contribute to increase the trustworthiness of the Future Internet by improving the overall security of software services and systems. This will support European competitiveness in this vital area.

Start: October 2010
End:  March 2014
Project’s webpage:


NIS Platform

enisa2The establishment of the NIS Public-Private Platform was announced in the Cybersecurity Strategy of the European Union. It shares the same objective as the Cybersecurity Strategy and the NIS Directive, i.e. to foster the resilience of the networks and information systems which underpin the services provided by market operators and public administrations in Europe. The NIS Platform will help implement the measures set out in the NIS Directive and ensure its convergent and harmonised application across the EU.



SESAMO (Security and Safety Modelling)


The SESAMO project addresses the root causes of problems arising with convergence of safety and security in embedded systems at architectural level, where subtle and poorly understood interactions between functional safety and security mechanisms impede system definition, development, certification, and accreditation procedures and standards. Intense market innovation is being held back by this root cause: the absence of a rigorous theoretical and practical understanding of safety and security feature interaction. The proposed solution is to develop a component-oriented design methodology based upon model-driven technology, jointly addressing safety and security aspects and their interrelation for networked embedded systems in multiple domains (e.g., avionics, transportation, industry control).

Start: May 2012
End:  June 2015
Project’s webpage:



SLAreadyThe biggest perceived barriers for both consumer and SMEs take-up of cloud computing are lack of privacy, data security, provider lock-in, lack of standardisation, and jurisdictional issues relating to applicable law and law enforcement access to data.
SLA-Ready is the new European project which aims at giving pain relief to cloud customers through a service driven approach specifically designed for SMEs.
SMEs are European economic blood life and can benefit greatly from the uptake of Cloud Computing. Nevertheless, many SMEs are not adopting Cloud due to lack of clarity in Cloud Service Provider (CSP) contracts and language-used, and a fear of risks in terms of security and data protection.
SLA-Ready will shed a new light on Cloud Computing through a service driven approach that will guide SMEs through their Cloud journey. We will provide practical guides, user-friendly tutorial and decision making support tools will help SMEs understand what to expect and what to look out when signing up with a cloud provider in order to get the best deal.

Start: January 2015
End:  December 2017
Project’s webpage: