Cloud computing aims at flexible and scalable infrastructures using virtualized resources. Although virtualization and outsourcing improve efficiency and flexibility, they also introduce new threats.
“Cryptography is only as good as the keys used.”
—Elli Androulaki, IBM scientist
We mitigate these threats by means of new security technologies to protect virtual environments. Moreover, we are designing novel mechanisms that provide protection levels beyond those of today’s non-virtualized systems.
Whereas providers employ traditional security measures, clients of cloud services can use cryptography to provide additional protection to their data. Data encryption and integrity protection methods give clients some degree of control over their data, but crucial aspects must still be addressed:
- Cryptography is only as good as the keys used. Hence one needs good solutions for key management.
- Because encrypting data prevents it from being processed in the cloud, additional sophisticated cryptographic schemes are needed to enable limited processing.
With its strong background in cryptography and system security, our team has made key contributions to research, products and standards in the domain of cloud and data security.
Research projects

TREDISEC
This project focuses on the fact that most security protocols/schemes either provide security at the expense of the economy of scale and cost effectiveness of the cloud, or they meet the latter objectives at the expense of security.
The TREDISEC project addresses this issue by developing systems and techniques to make the cloud a secure and efficient haven to store data.
The project will devise, analyse, and implement a set of cloud security primitives to ensure the confidentiality and integrity of outsourced data in the presence of a powerful attacker who controls the entire network.

ESCUDO-CLOUD
This project aims to empower data owners as first-class citizens of the cloud.
ESCUDO-CLOUD provides effective and deployable solutions allowing data owners to maintain control over their data when relying on Cloud Service Providers (CSPs) for data storage, processing and management without sacrificing functionality.

WITDOM
This project is producing a framework for end-to-end (E2E) protection of data in untrusted and fast-evolving ICT-based environments.
The WITDOM project focuses in particular on data-outsourcing scenarios, where new threats, vulnerabilities and risks due to new uses require end-to-end security solutions that will withstand progress for the lifetime of the applications they support.

SUPERCLOUD
This project is researching and developing a new security and dependability infrastructure management paradigm.
On the one hand, our approach is user-centric for self-service clouds-of-clouds. In other words, customers can define their own protection requirements and avoid provider lock-in.
On the other hand, we are focusing on self-managed services to self-protect clouds-of-clouds. This is expected to reduce administration complexity by means of automation.