Cloud computing is a delivery model of computing as a service rather than a product. Services (i.e., resources, software and data)
are provided to computers and other devices as utilities over a network. The services themselves are referred as Cloud services.
Applications that use these cloud services by means of APIs are referred to as Cloud-based applications. Cloud-based applications
are designed in a distributed and multi-party environment: they consume a multitude of third-party Cloud services and rely on
infrastructures and/or platforms hosted in external data centers. The multi-party and distributed nature of cloud-based applications
requires particular care with respect to security; the authentication and authorisation of users, as well as the confidentiality
and integrity of their data.

Although several technologies and solutions are now emerging both in academia and in the industry, they only address parts of
the security problems for Cloud-based applications. As a result, Cloud-based application providers are faced with difficulties when
linking and bundling them into a workable security solution for their specific context.

Security of Cloud-based applications requires a holistic and proactive approach. The approach lies in good knowledge of security
risks specific to Cloud-based applications. This knowledge must be built upon different aspects of the security problems; not
only technical aspects but also organizational and societal ones.

The overall goal is to research whether it is feasible to address the above needs by:

Performing scientific research with respect to the conception of a holistic & coherent set of tools, technologies and
techniques that will allow the software industry to proactively think about security in their Cloud-based applications whether SaaS or
Mobile. The four considered perspectives are architecture, infrastructure, programming and process.

Conceiving a dedicated security risk management model targeted towards Cloud-based application builders (e.g., risk evaluation,
mitigation responses to critical risks, vulnerabilities and threats).

Involving the industry as validator of the two above goals through a dedicated industrial platform. The platform consists of
different deliverables with objectives ranging from awareness creation up to adoption of the project results in 2 industrial target
groups: software companies and technology providers and consultancies.
Site web: http://www.securit-brussels.be/project/secloud/