CUMULUS: Certification infrastrUcture for MUlti-LAyer cloUd Services

George Spanoudakis
Topics recommended for the 2016-2017 Work Programme: 
  • Integrated security development environments supporting security, privacy and resilience-by-design
  • Autonomic security
  • Automated security certification models and continuously verifiable certification processes
  • Joint calls with third countries
Projects major results: 

(a) New automated and evidenced based models and processes for certifying the security of cloud services.

(b) Test-, monitoring- and TPM-based tools to support the certification of security of cloud services.

(c) Processes and tools to support the use of cloud service security certificates in engineering systems using these services.

(d) Integrated security certification framework able to orchestrate or trigger the use under demand of the aforementioned processes

(e) (a)-(d) are expected to reach at least TRL 5 (according to NASA scale)

Potential exploitation strategy: 

CUMULUS has identified an initial set of five potential customer segments of its outcomes (i.e., Cloud Service Providers (CSP), Certification Authorities (CA), Auditors (AU), Application Developers (AD) and Service Consumers (SC)) and is exploring a range of different value propositions (i.e., bundles of project outcomes) for each of these segments.

Project outcomes address the following segments of the ICT security markets: Trusted platforms, Cloud service security, Security Engineering, Security as a Service, and Security certification.

An update since the last Concertation meeting (March 2014): 

CUMULUS has collaborated with SECCRIT and A4Cloud.