Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data)
are provided to computers and other devices as utilities over a network. The services themselves are referred as Cloud services.
Applications that use these cloud services by means of APIs are referred to as Cloud-based applications. Cloud-based applications
are designed in a distributed and multi-party environment: they consume a multitude of third-party Cloud services and rely on
infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature of cloud-based applications
requires particular care with respect to security; the authentication and authorisation of users, as well as the confidentiality
and integrity of their data.

Although several technologies and solutions are now emerging both in academia and in the industry,
they only address parts of the security problems for Cloud-based applications. As a result, Cloud-based application providers are
faced with difficulties when linking and bundling them into a workable security solution for their specific context.

Security of
Cloud-based applications requires a holistic and proactive approach. The approach lies in good knowledge of security risks
specific to Cloud-based applications. This knowledge must be built upon different aspects of the security problems; not only technical
aspects but also organizational and societal ones.

The overall goal is to research whether it is feasible to address the above
needs by:

Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies
and techniques that will allow the software industry to proactively think about security in their Cloud-based applications whether
SaaS or Mobile. The four considered perspectives are architecture, infrastructure, programming and process.

Conceiving a
dedicated security risk management model targeted towards Cloud-based application builders (e.g., risk evaluation, mitigation responses
to critical risks, vulnerabilities and threats).

Involving the industry as validator of the two above goals through a
dedicated industrial platform. The platform consists of different deliverables with objectives ranging from awareness creation up to
adoption of the project results in 2 industrial target groups: software companies and technology providers and consultancies.
Web site: http://www.securit-brussels.be/project/secloud/