Community Research and Development Information Service - CORDIS

MUSA Report Summary

Project ID: 644429
Funded under: H2020-EU.2.1.1.3.

Periodic Reporting for period 1 - MUSA (MUlti-cloud Secure Applications)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

Companies are reluctant to adopt cloud computing because of the difficulty in evaluating the trade-off between cloud benefits and the additional security risks and privacy issues it may bring. Most concerns relate to data protection, regulatory compliance and other issues arising from a lack of insight (into controls and governance processes) when outsourcing data and applications: data confidentiality, trust in aggregators, control over data and/or code location, and resource assignment in multi-tenancy.
Secure cloud environments are even more challenging today, since they are becoming more and more complex in terms of the number of cloud resource types that are available “as a service”. As the number of cloud models, cloud resources and cloud service providers in the market grows, it becomes theoretically easy (but not necessarily technically) for the cloud consumer to deploy and use multiple cloud solutions at the same time in an integrated way. This means that despite the diverse characteristics of the cloud resources, such as their own management APIs and their own service level offerings (both functional and security), all need to be monitored and managed as an integrated working entity.
The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. A multi-cloud application is a distributed application over heterogeneous cloud resources whose components are deployed in different cloud service providers, yet all work in an integrated way and transparently for the end-user.
Multi-cloud application solutions have to deal with the security of the individual components as well as with the overall application security, including the communications and the data flow between the components. Even if each of the cloud service providers offers its own security controls, the multi-cloud application has to ensure integrated security across the whole composition.
The MUSA project was born with the main objective of supporting the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources, through a security framework that includes: a) security-by-design mechanisms to allow application self-protection at runtime, and b) methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications.
The main impacts of MUSA can be summarized as follows:
• Improve the competitive innovation capacities of the European cloud sector by providing multi-cloud application developers and operators (particularly SMEs) with the MUSA security framework, which includes open source tools to enable the security-intelligent and integrated lifecycle management of multi-cloud applications.
• Reduce the data security incidents in multi-cloud applications through the assurance of a secure behaviour of individual cloud-based components and the overall application, even if the data are processed and/or stored by untrustworthy or opaque cloud providers.
• Enhance cloud consumers’ trust in clouds by providing them with tools for expressing their security needs and keeping them informed of the security and performance faults of the multiple cloud services in use.
• Boost the adoption of clouds even in advanced applications that use sensitive data, through the demonstration that cloud security risks can be minimized by using MUSA tools.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

In the first 18 months of the project, MUSA has finalised the initial version of the MUSA framework architecture and the MUSA guide, which explains how the framework supports the engineering of multi-cloud applications.
The focus of the research was on security-by-design methods for multi-cloud applications, particularly the formal specification of security controls and metrics in the Service Level Agreements (SLAs) of cloud services, as well as continuous monitoring of the security properties stated in the SLA through monitoring agents deployed together with multi-cloud application components. The project has also worked on how to improve the selection of cloud services for multi-cloud applications by including security features in the selection criteria, and not only business and performance criteria.
The implementation of the tools in the framework has already started and the initial prototypes will be ready for their evaluation in the use cases in November 2016.
Since April 2015, the MUSA project has coordinated the Data Protection, Security and Privacy in Cloud cluster of EU-funded research projects working on these aspects of Cloud computing. As part of this work, the MUSA coordinator was the main editor of two major deliverables of the Cluster, the Map of synergies between the clustered projects and the Whitepaper on Challenges for trustworthy (multi-)Cloud-based services in the Digital Single Market.
In February 2016, the Cluster organised a first joint workshop in Naples where MUSA, as one of the co-organising projects, was presented and participated in a panel on future research challenges of cloud security and privacy.
In June 2016, the Cluster actively participated in Net Futures 2016, with a presentation at the concertation meeting and a booth in the exhibition area that was visited by Digital Economy & Society Commissioner Günther Oettinger.
The consortium has also analysed the market opportunities for MUSA framework components, set out the basis for the IPR protection and devised the initial business models for them. As part of exploitation activities, in March 2016, MUSA organised a workshop with Data Centre Alliance (DCA), Cloud Security Alliance (CSA) and Cloud Industry Forum (CIF) to present MUSA to them and discuss the business challenges for decision support systems for multi-cloud applications, with the focus on supporting the exploitation of EU SME cloud providers’ services. From this workshop a win-win collaboration with the SLA-Ready project was initiated to enhance the decision support tool in MUSA with information from the SLA-Ready cloud providers repository and to make the SLA-Ready repository easier to use.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

MUSA will primarily contribute to the Europe 2020 Strategy in the following way:
• MUSA will contribute to greater interoperability and boost internet trust and security with regard to cloud services. In line with the EU Data Protection Reform and the recently approved NIS Directive, MUSA will help European citizens consume multi-cloud applications that really respect their data protection needs. These applications will serve the Single Market as they will be able to work over diverse cloud providers, pursuing the interoperation of multi-clouds.
• MUSA will support the innovation-friendly environment by helping entrepreneurial businesses and citizens create security-intelligent multi-cloud products through the use of the open-source tools offered in the MUSA framework.
• The MUSA key results create new job markets for service providers, and MUSA partners are committed to education and technology transfer.

By successfully achieving its objectives, the MUSA project will significantly contribute to realising the full potential of the services sector as pursued by the EU Single Market Services Directive, particularly in relation to the cloud services market. The project will help to achieve the following advantages:
• Increased competitiveness of EU services and industry, with respect to EU cloud services and cloud-based services by providing tools supporting smart multi-cloud applications.
• Better and broader choice and lower prices for service recipients, helping in the choice of adequate cloud-resources with respect to security, costs and functionality needs.
• More rights for service recipients, allowing cloud consumers to express their data protection options and verify that they are respected by both the multi-cloud application and the cloud resources underneath.
• Better supervision of service providers, with respect to cloud service providers, through the use of the MUSA security assurance platform.

Record Number: 192952 / Last updated on: 2016-12-16