Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data) are provided to
computers and other devices as utilities over a network. The services themselves are referred as Cloud services. Applications that use these cloud services by
means of APIs are referred to as Cloud-based applications. Cloud-based applications are designed in a distributed and multi-party environment: they consume a
multitude of third-party Cloud services and rely on infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature
of cloud-based applications requires particular care with respect to security; the authentication and authorisation of users, as well as the
confidentiality and integrity of their data.

Although several technologies and solutions are now emerging both in academia and in the industry, they only address
parts of the security problems for Cloud-based applications. As a result, Cloud-based application providers are faced with difficulties when linking and
bundling them into a workable security solution for their specific context.

Security of Cloud-based applications requires a holistic and proactive approach.
The approach lies in good knowledge of security risks specific to Cloud-based applications. This knowledge must be built upon different aspects of the
security problems; not only technical aspects but also organizational and societal ones.

The overall goal is to research whether it is feasible to address
the above needs by:

Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies and techniques
that will allow the software industry to proactively think about security in their Cloud-based applications whether SaaS or Mobile. The four considered
perspectives are architecture, infrastructure, programming and process.

Conceiving a dedicated security risk management model targeted towards Cloud-based
application builders (e.g., risk evaluation, mitigation responses to critical risks, vulnerabilities and threats).

Involving the industry as validator
of the two above goals through a dedicated industrial platform. The platform consists of different deliverables with objectives ranging from awareness
creation up to adoption of the project results in 2 industrial target groups: software companies and technology providers and consultancies.
Site web: http://www.securit-brussels.be/project/secloud/