SeCloud: Security-driven Engineering of Cloud-based applications
You are here: Home \ Projects \ SeCloud

Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data) are provided to computers and other devices as utilities over a network. The services themselves are referred as Cloud services. Applications that use these cloud services by means of APIs are referred to as Cloud-based applications. Cloud-based applications are designed in a distributed and multi-party environment: they consume a multitude of third-party Cloud services and rely on infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature of cloud-based applications requires particular care with respect to security; the authentication and authorisation of users, as well as the confidentiality and integrity of their data.

Although several technologies and solutions are now emerging both in academia and in the industry, they only address parts of the security problems for Cloud-based applications. As a result, Cloud-based application providers are faced with difficulties when linking and bundling them into a workable security solution for their specific context.

Security of Cloud-based applications requires a holistic and proactive approach. The approach lies in good knowledge of security risks specific to Cloud-based applications. This knowledge must be built upon different aspects of the security problems; not only technical aspects but also organizational and societal ones.

The overall goal is to research whether it is feasible to address the above needs by:

  • Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies and techniques that will allow the software industry to proactively think about security in their Cloud-based applications whether SaaS or Mobile. The four considered perspectives are architecture, infrastructure, programming and process.
  • Conceiving a dedicated security risk management model targeted towards Cloud-based application builders (e.g., risk evaluation, mitigation responses to critical risks, vulnerabilities and threats).
  • Involving the industry as validator of the two above goals through a dedicated industrial platform. The platform consists of different deliverables with objectives ranging from awareness creation up to adoption of the project results in 2 industrial target groups: software companies and technology providers and consultancies.

The SeCloud consortium consists of 11 multi-disciplinary partners. All partners have strong references as regards their scientific contribution to one perspective, and they will all contribute to realize the common goals in this project (risk management and industrial platform).

Project contributions by partner

EHB | Design & Technologie


Read more

SIRRIS | ICT & Software

Contributions (short summary). Sirris contributes to the WP 3, WP 4, WP 5, WP 6 and WP7. However, the main contributions of Sirris are in WP4 and WP 7. In WP 4, Sirris contributes significantly on the definition of general secure architecture for cloud-based applications and the definition of cloud security patterns to be used as the best practice and guidelines for building secure and privacy-aware cloud-based applications. In WP 7, Sirris contributes to the overall management and coordination of the project, ensuring an efficient administration and coordination of all project activities, focused to the objectives of the project. Read more here.

UCL | Crypto Group

UCL/Crypto Group contributes to the study of security improvement by using distributed architecture. Read more here.


UCL/LVL created a model checker that operates on the graphs produced by JIPDA. Model checking is a technique that can statically verify whether a system (in this case the runtime behavior of an application) satisfies certain security properties. For this project, the job of the model checker, therefore, is to statically verify whether security properties expressed through Guardia policies are upheld by an application. Read more here.


Contributions. ULB/CoDE contributes to the architectural prespective of SeCloud, specifically to the Data as a Service architecture WP 4. We have proposed a novel model for a data marketplace. A data marketplace is an online platform that allows data sellers and buyers to meet and perform transactions. It is are analogous to product marketplaces such as amazon, ebay, and wish, with the difference of being specialized for data trading. A data marketplace takes the technical difficulties of building a data trading portal off the seller. Furthermore, since a marketplace has the chance to collect data from multiple sources, it can offer value-added services such as visualizations, dashboards, even data linkage across multiple sources. For the buyer, a marketplace refers to a vast compilation of datasets, an array of providers, and competitive prices. Read more here

ULB | iCite

ULB/iCite  contributes in SaaS security management. Read more here.


The security of cryptographic tools is based on computational complexity assumptions. Recent history shows examples when a rapid growth of computational power invalidated such assumptions making insecure widely used cipher codes. Eventual arrival of quantum computers threatens the security of public key cryptography based on RSA protocols. At the same time Quantum technologies propose cryptographic tools whose security does not rely upon computational complexity assumptions but is based on the laws of quantum physics. Our objective was to develop and study authentication protocols exploiting such schemes for improving security of cloud-based SaaS applications. Read more here.

ULB | Qualsec 

We are living in an electronic age where most of the communications and transactions happen over the computers, mobile phones and other similar electronic devises. At one hand, it is matter of research to explore new advancements in information technology to make these communications easy and efficient, while on the other hand it is also a subject of paramount attention to achieve the desired security in these communications. More precisely in the view of current practice and requirement it is a concern of highest interest to achieve both the features together i.e. to achieve a communication on the efficiently accessible platform with desired measure of security. Read more here.


VUB/COMO has applied machine learning to predict interaction results of web and cloud applications with external services. This interaction model is consumed by JIPDA to effectively analyze web and cloud applications that typically orchestrate over various third-party external services. VUB/COMO also developed a technique using machine learning to predict the presence of sources and sinks in an application to assist developers in specifying security policies. Read more here.


VUB/LSTS contributes in the aspect of data protection law in Cloud. VUB/LSTS works mainly on EU data protection law perspective of secloud. Read more here.


VUB/SOFT contributed to WP2, which concerns the investigation of programming technology that can be applied at a sustainable effort to safeguard application-specific security concerns. VUB/SOFT. More specifically, VUB/SOFT created a language for specifying application-specific security policies and developed techniques and tools for statically (before running the program) and dynamically (while running the program) analyzing web and cloud applications to detect whether these security policies are violated or not. Read more here

Projects Partners

Projects Sponsors