Notas de Prensa

CUMULUS Research Project Investigates Certification Infrastructure for Multi-Layer Cloud Services

The project name is related to the cumulus cloud type in meteorology, a cloud that can have noticeable vertical development.

28-02-2013 | Publicado en Notas de prensa

Rome, Italy – February 28th, 2013 – Eight partners from European science and industry have joined forces in the CUMULUS research project to investigate how in future cloud services can be made more secure and trustworthy for end users. Cloud computing is the use of hardware and software resources that are delivered as a service over a network. The partners are Fondazione Ugo Bordoni, Atos, The City University of London, Universidad de Málaga, Università degli Studi di Milano, Infineon Technologies AG, Wellness Telecom and the Cloud Security Alliance (Europe).

CUMULUS stands for “Certification infrastrUcture for MUlti-Layer cloUd Services”. The project name is related to the cumulus cloud type in meteorology, a cloud that can have noticeable vertical development. This is an analogy to the vertical structure of services in cloud computing, which security and trustworthiness shall be optimized and standardized in the CUMULUS project.Cloud technology offers a powerful approach to the provision of infrastructure, platform and software services without incurring the considerable costs of owning, operating and maintaining the computational infrastructures required for this purpose.

Despite its appeal from a cost perspective, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. Such concerns arise from the difficulty to guarantee security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility of the security of their services once the services are uploaded and offered through a cloud. Also, cloud suppliers have historically refrained from accepting liability for security leaks. This reluctance stems from the fact that the provision and security of a cloud service is sensitive to changes due to cloud operation, as well as to potential interference between the features and behavior of all the interdependent services in all layers of the cloud stack. Still many cloud users, including institutional ones, would like to rely on cloudbased services they use to exhibit certified security properties.

CUMULUS will address these limitations by developing an integrated framework of models, processes and tools supporting the certification of security properties of infrastructure (IaaS), platform (PaaS) and software application layer (SaaS) services in cloud. CUMULUS framework will bring service users, service providers and cloud suppliers to work together with certification authorities in order to ensure security certificate validity in the ever-changing cloud environment.

CUMULUS will rely on multiple types of evidence regarding security, including service testing and monitoring data and trusted computing proofs, and based on models for hybrid, incremental and multilayer security certification. Whenever possible, evidence gathering will build upon existing standards and practices (e.g., interaction protocols, representation schemes etc.) regarding the provision of information for the assessment of security in clouds. To ensure large-scale industrial applicability, the CUMULUS framework will be evaluated in reference to cloud application scenarios in some key industrial domains, namely Smart Cities and eHealth services and applications.

The CUMULUS project was started in October 2012 and will end in September 2015. The research work receives funding from the European Union’s Seventh Framework Programme (FP7) in order to further develop Europe’s foothold as a leading innovator in the sphere of cloud technology, especially with respect to the security and trustworthiness of cloud services.

CUMULUS is aligned with the recommendations of a recent industrial consultation to the European Commission that identified certification of cloud services as an enabling technology for building trust for end users through the deployment of standards and certification schemes relevant to cloud solutions, and included it in the ten key recommendations and actions for a cloud strategy in Europe. The CUMULUS project has a total budget of about Euro 4.35 Million. The European Union contributes Euro 2.94 Million, while the partners from business and research are shouldering the rest.

About Wellness Telecom

Wellness Telecom ( is an IT company located in Seville, Spain. Its main specialization areas are based on horizontal IT technologies applied to different action fields: Cloud Computing, Smart City, Energy, Environment, etc. In CUMULUS project, Wellness Telecom will provide cloud services and scenarios (Smart Lighting) for the validation phase. It will also participate in the definition of security specifications for the certification cloud services. Furthermore, it will lead some dissemination and exploitation activities due to its commercial experience.

This news release is available online on the CUMULUS web site