Community Research and Development Information Service - CORDIS


SUNFISH Report Summary

Project ID: 644666
Funded under: H2020-EU.

Periodic Reporting for period 1 - SUNFISH (SecUre iNFormation SHaring in federated heterogeneous private clouds)

Reporting period: 2015-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

SUNFISH, which stands for “SecUre iNFormatIon SHaring in federated heterogeneous private clouds”, is a Research and Innovation project funded under the first Horizon 2020 call dedicated to ICT, specifically to Advanced Cloud Infrastructure and Services.
SUNFISH is currently working on the development of advanced Cloud Infrastructure and Services; in particular, the general problem addressed by the project consortium is the lack of infrastructure and reliable technologies that can enable Public Sector bodies to federate their private cloud infrastructure.
SUNFISH’s final goal is therefore to develop and integrate a new technology and a software platform enabling secure federation of Cloud infrastructure, with a particular focus on the public sector’s requirements.
Thanks to this, three major objectives are being achieved:
1. Possibility to integrate different public sector “clouds”, ensuring information security;
2. Greater efficiency in the use of IT infrastructure;
3. A new impetus to the development of services for EU citizens who may benefit from sensitive data shared securely between different private clouds.
In this context, SUNFISH has to deal with various key challenges:
1. eGovernment solutions are rapidly moving towards the adoption of private clouds. However, the few public bodies able to start this process are facing the problem of integrating services provided by their own private cloud with data and services provided by external private clouds. The task becomes even more challenging when information and data has to be shared among private cloud platforms and public cloud infrastructure, provided in this case by private companies. Moreover, in most cases, the typically complex security policies of Public Sector bodies cannot easily fit into public type cloud platforms, thus aggravating the complexity of integration of “hybrid” cloud models.
2. Storage of information in the cloud is considered an acceptable risk only if the long-term security and confidentiality of data can be guaranteed effectively.
3. Furthermore, choosing to store data on external systems could potentially expose to the risk of data being stolen or used for fraudulent purposes.
The consortium comprises 11 heterogeneous organisations (Public Bodies, Universities, IT Developers, SMEs, R&D Institutes), coming from 6 different countries (Italy, UK, Israel, Estonia, Malta, and Austria), under formal coordination of the Italian Ministry of Finance (MEF).
In particular these are:
• Ministry of Finance, MEF, Italy
• Malta Information Technology Agency, MITA, Malta
• Sapienza Università di Roma, UNIROMA1, Italy
• PricewaterhouseCoopers, PwC, Italy
• IBM Israel, IBM ISRAEL, Israel
• Secure Information Technology Center, A-SIT, Austria
• Graz University of Technology, TU GRAZ, Austria
• University of Southampton, SOTON, UK
• Ministry of Finance, MFIN, Malta
• South East Regional Organised Crime Unit, SEROCU, UK
• Cybernetica, CYBER, Estonia
So far, all the organizations involved have worked together developing a collaborative environment, and achieving consistent results in short time. The governing culture of the SUNFISH project is based on democracy, co-determination and clear leadership. Major fields of activity for the management team are the coordination of work, the integration of heterogeneous and different cultures and project administration. This structure is appropriate to the complexity and scale of the project. The SUNFISH project started on the 1st of January 2015 and is planned to run for 36 months, ending on the 31st of December 2017.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

During the first reporting period of the SUNFISH project, two major milestones have been achieved, namely the Public Sector organisations requirements and use cases initial definition, as well as the first version of SUNFISH’s framework. In particular, this second milestone has been completed in advance to what originally planned, so to provide as soon as possible an initial conceptual outline to the consortium, necessary for the deployment of all other project activities.
In the context of the first milestone achieved instead, a detailed description of the three use cases of the SUNFISH project has been completed, collecting contributions and engaging directly the public sector organisations involved. In addition, a list of functional and non-functional requirements has been developed, through a joint identification process distributed among all participating organisations. Preparatory to this, an extensive state-of-the-art analysis was carried out.
During the project’s first reporting period -in addition to standard planning and project management tasks completed-, many concrete results have been already reached:
• The first public sector organisation requirements and use cases definition has been completed;
• A threat model has been defined;
• An initial impact assessment has been carried out;
• SUNFISH’s framework has been designed;
• A data security policy language has been defined;
• A baseline for the SLA definition language has been defined as well;
• Ad-hoc policies concerning security and monitoring have been selected;
• Specific techniques for data masking and cryptography have been defined.
Moreover, cooperation and synergies with similar relevant initiatives have been explored, and recently contacts with the Horizon 2020 project SLALOM ( have been established, in order to exploit the SLALOM model for describing SUNFISH’s SLAs. Soon - by the end of 2016 - a SUNFISH framework prototype (initial release) will be developed and the entire Consortium is currently focused on this goal.
In addition to the technical achievements characterizing the first reporting period, the SUNFISH consortium of organisations, has been busy also carrying out numerous disseminations and communication actions finalised to present the project and its initial outcomes, including production and distribution of news items and publications also through the project’s website, launched in April 2015, and linked also to a dedicated Twitter account. In particular, already more than 12 scientific publications connected to the project have been produced by the consortium’s research organisations and published, and over 10 external events were attended by members of the consortium, who had the chance to present the project. Furthermore, 3 public workshops have been already organised in the framework of the project (respectively in Rome, in Lisbon -during the EU ICT 2015 international event-, and in Winchester), as well as also four general partner meetings. Finally, also the general public has been targeted through the project’s communication activities, via a number of press releases that recently led also to articles published on newspapers and web portals.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

The SUNFISH platform is meant to ensure a high level of security and a continuous monitoring of the inter-cloud communications, while implementing cheap services, quickly, flexibly and securely between different private clouds. The solution is being developed mainly for European public organisations, and potentially also private sector companies could benefit from it.
The implementation of the platform will provide evidence of how cloud-based services in heterogeneous and multi-layered cloud environments can be federated. All this assuring a durable impact, putting users and data owners in full control over how their data is shared, processed and stored in a federation of private and public clouds, including addressing the new challenges related to security aspects.
The federation could serve as the vehicle for the development of a cloud infrastructure for the entire Public Sector, overcoming the present fragmentation among a myriad of obsolete data centers, inefficient and with a low degree of security assurance. In general, the project is contributing to generate:
• Economic value, reducing the investment required for cloud adoption and reducing the risk of cyber-attacks that currently generate high economic losses.
• Social value, promoting public trust in cloud technologies while increasing their uptake, even with innovation impact on both public and private bodies.
• Environmental value, improving the use of resources while reducing energy consumption.

Related information

Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top