Today, despite its unravelling business benefits, distributed cloud computing raises many security and dependability concerns. Root causes include increase in complexity and lack of interoperability between heterogeneous, often proprietary infrastructure technologies. SUPERCLOUD thus proposes new security and dependability infrastructure management paradigms that are : 1) user-centric, for self-service clouds-of-clouds where customers define their own protection requirements and avoid lock-ins; and 2) self-managed, for self-protecting clouds-of-clouds that reduce administration complexity through automation. SUPERCLOUD will reach the following objectives: -Self-Service Security: Implementation of a cloud architecture that gives users the flexibility to define their own protection requirements and instantiate policies accordingly. -Self-Managed Security: Development of an autonomic security management framework that operates seamlessly over compute, storage and network layers, and across provider domains to ensure compliance with security policies. -End-to-End Security: Proposition of trust models and security mechanisms that enable composition of services and trust statements across different administrative provider domains. -Resilience: Implementation of a resource management framework that composes provider-agnostic resources in a robust manner using primitives from diverse cloud providers. The SUPERCLOUD methodology will be validated by testbed integration for real-world use cases in the healthcare domain, ranging from deploying a distributed medical imaging platform to running a full laboratory information system. The consortium is industry-led with partners actively involved in promotion of open source cloud technologies and contributing to major standardization bodies in cloud security, inter-cloud architectures, security protocols, and SDN. SUPERCLOUD will leverage its expertise in these domains to promote and ensure market validity of the research findings.

Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. These questions are currently not answered satisfactorily by existing technologies. Furthermore, recent developments in the wake of the expansive and sometimes unauthorized government access to private and sensitive data raise major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. This is exacerbated by providers of cloud services that frequently move and process data without notice in ways that are detrimental to the users and their privacy. SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be (1) partitioned in multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design; (2) entangled with inter-dependencies that make it impossible for any of the domains to tamper with its integrity. These two principles (partitioning and entanglement) are thus applied holistically across the entire data management stack, from communication to storage and processing. Users will control the choice of non-colluding domains for partitioning and the tradeoffs between entanglement and performance, and thus will have full control over what happens to their data. This will make users less reluctant to manage their personal data online due to privacy concerns and will generate positive business cases for privacy-sensitive online applications such as the distributed cloud infrastructure and medical record storage platform that we address.