04. – 09. Dezember 2011, Dagstuhl-Seminar 11492

Secure Architectures in the Cloud


Sabrina De Capitani di Vimercati (University of Milan, IT)
Wolter Pieters (TU Delft, NL)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)
Jean-Pierre Seifert (TU Berlin, DE)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 1, Issue 12 Dagstuhl Report
Programm des Dagstuhl-Seminars [pdf]

Press Room


In cloud computing, data storage and processing are offered as a service, and the data resides outside the control of the owner. It is often argued that clouds improve security, as the providers have more security expertise than their (smaller) customers. However, despite theoretical breakthroughs in cryptography, there is little consensus on how we can provide architectural solutions guaranteeing that cloud data remains confidential, uncorrupted, and available. Also, it is unclear to what extent parties can be held accountable in case something goes wrong. In this seminar, we search for architectures, modelling approaches and mechanisms that can help in providing guarantees for cloud security. The main question is which cloud-specific security architectures should and could be devised, and how they can be matched to security policies. The seminar brings together researchers from different communities to propose integrated solutions and research directions that transcend disciplines.

Four main topics are suggested for the seminar:

  1. Data protection
    Data outside the data owner’s control implies that privacy and even integrity can be put at risk, and that adequate access control must be in place. In this context, cloud implementations have to conform to existing legal standards, but they also challenge these. For example, new approaches have emerged for identifying persons and roles and linking them to access privileges, such as identity-, attribute-, claims- and data-based access control. We will discuss challenges of the cloud to the notions of identity, privacy and accountability, their legal, ethical, and architectural implications, and possible solutions.
  2. Simulating physical constraints in the cloud
    In the cloud, we cannot easily enforce where data is stored and how long, and from where it is accessed. Location-based access control aims at limiting access to specific locations, thereby seemingly putting physical limitations back in place. Measures proposed include use of GPS, trusted platform modules (TPMs), but also physically unclonable functions (PUFs). Also, data could be moved away from attacks. With respect to time, mechanisms have been proposed to assure deletion of data in the cloud (e.g. Vanish, Ephemerizer). We will assess to which extent these approaches are sufficient to simulate physical constraints, and which extensions are possible.
  3. Misuse detection
    Many methods have been proposed for intrusion detection, penetration testing and digital forensics. Are these sufficient for cloud environments? The seminar will identify necessary adaptations to system and threat models as well as security metrics, to adequately indicate which attacks are possible and which are actually happening, and thereby reduce cybercrime.
  4. Splitting the clouds
    Public clouds, containing data from different parties, are not deemed suitable for particularly sensitive information. This means that decisions will have to be made about which data to put in the cloud and which data not, which security properties to outsource and which not, and how to make sure that the entire system conforms to the security requirements. The seminar will propose suitable architectures for “splitting the clouds”. For example, in “security-as-a-service”, not only IT infrastructure is rented, but also the security that is added to it. For authentication this seems to work pretty well, but how far can this concept be stretched to other security properties such as confidentiality and integrity?

Processing encrypted data was discussed in the parallel seminar 11491 Secure Computing in the Cloud. This report covers the results of the seminar on Secure Architectures in the Cloud, abstracts of presentations, and proceedings of the working groups. The topics have been restructured during the seminar, and we will refer back to the topics originally proposed where appropriate. Several follow-up initiatives have been assigned to the participants.


  • Security / Cryptography
  • Modelling / Simulation
  • Sw-engineering


  • Cloud computing
  • Security architectures
  • Security modelling
  • Cryptology


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.