TREDISEC is a Research and Innovation Action co-funded by the European Commission under the Horizon 2020 programme.
More details here.
TREDISEC aims at contributing to enhance the security and privacy of existing cloud technologies, while keeping efficiency and cost levels stable.
Currently, when we introduce an improvement in the security of cloud storage, it comes at the expense of higher costs, and lower efficiency results.
TREDISEC encompasses both functional and non-functional demands, and has the ambition to design mechanisms that satisfy security and functional requirements at comparable level.
The project is coordinated by Atos, an international firm leader in digital services, leading a consoritum of European representatives from industry and research institutes from different countries (NEC in UK, Eurecom in France, GRNET in Greece, Arsys in Spain, IBM in Switzerland, SAP SE in Germany and Morpho in France).
The different TREDISEC consortium partners contribute as providers of Cloud services, solutions and infrastructures, participating in the research and development of beyond the state-of-the-art technologies and solutions, in the field of secure and trust-worthy ICT.
TREDISEC has a budget of around 6,5 million €, out of that the European Commission funds around 4,4 million €. The budget is used mainly to cover personnel costs of the entities that take part in the project, to conduct research, develop new innovative technologies, and test them in realistic evaluation scenarios. But also, to manage the project, foster collaboration and regularly disseminate the achievements, and make a technology transfer assessment that turns into a realistic strategy for the exploitation of results, either individually or jointly, by the members of the consortium.
TREDISEC is a 3 years duration project (36 months). The project started on April 1st 2015 and is planned to finish by March 30th 2018.
Most existing solutions are not suitable for the market because they either provide security at the expense of the economy of scale and cost effectiveness of the cloud (e.g. data is encrypted before being outsourced, which prevents any computation to be performed in the cloud), or they meet the latter objectives at the expense of security (e.g., data deduplication and compression optimally use the resources of the cloud provider but require the customer to blindly trust its cloud provider).
The main aim of TREDISEC is to bridge this gap by developing tools and systems to address these shortcomings and to enhance the confidentiality and integrity of data outsourced to the cloud without affecting functionality, and storage efficiency.
From a practical standpoint, the ambition of this project is to develop systems and techniques that make the cloud a secure and efficient place to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge instead on a (possibly standardized) single framework where all objectives are met to the highest extent possible.
The work plan is organised in 7 work packages, whose interdependencies and relations are depicted in the project structure section.
- MS1: Use cases and scenario context definition due at M6 (September 2015).
- MS2: Consolidated requirements and architectural models due at M12 (March 2016).
- MS3: Design of the security primitives and framework due at M20 (November 2016).
- MS4: Implementation of the security primitives and the framework due at M30 (September 2017).
- MS5: Deployment of the Use Cases Evaluation environment due at M33 (December 2017).
- MS6: Final evaluation of TREDISEC due at M36 (March 2018).
The European Commission states that businesses and consumers still do not feel confident enough to adopt cross-border cloud services for storing or processing data, because of concerns relating to security, compliance with fundamental rights and data protection more generally.
Improving security and privacy features contributes to increase the differentiating character, placing on the market services and solutions (new or improved) that are aligned with the european directives of security and privacy. On the other hand, offering services and solutions more secure, users can gain greater control over their data, increasing trust in IT technologies and services online.
Another priority objectives of the EU, is to protect our networks and critical infrastruture and respond effectively to cyber-threats, and have adopted both national and EU-level cybersecurity strategies and regulation.
Currently, cloud infrastructures services are increansingly the more extended option by most business of the EU, therefore protect them against cyber attacks is critical.
Clearly, the development of technologies that allow cloud infrastructures to be stronger and qualified against possible attacks, with a major ability to recover quicker and better after a cyber security incident, results in enhancing security and business preparedness.
Cloud Computing for EU is one of the main competitiveness drivers for all enterprises in EU, independently of its size and sector, therefore it has become one of the main priorities in the European Digital Agenda, and main player in numerous initiatives started up within the member countries.