December 4 – 9 , 2011, Dagstuhl Seminar 11492

Secure Architectures in the Cloud


Sabrina De Capitani di Vimercati (University of Milan, IT)
Wolter Pieters (TU Delft, NL)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)
Jean-Pierre Seifert (TU Berlin, DE)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 1, Issue 12 Dagstuhl Report
List of Participants
Dagstuhl Seminar Schedule [pdf]

Press Room


In cloud computing, data storage and processing are offered as a service, and the data resides outside the control of the owner. It is often argued that clouds improve security, as the providers have more security expertise than their (smaller) customers. However, despite theoretical breakthroughs in cryptography, there is little consensus on how we can provide architectural solutions guaranteeing that cloud data remains confidential, uncorrupted, and available. Also, it is unclear to what extent parties can be held accountable in case something goes wrong. In this seminar, we search for architectures, modelling approaches and mechanisms that can help in providing guarantees for cloud security. The main question is which cloud-specific security architectures should and could be devised, and how they can be matched to security policies. The seminar brings together researchers from different communities to propose integrated solutions and research directions that transcend disciplines.

Four main topics are suggested for the seminar:

  1. Data protection
    Data outside the data owner’s control implies that privacy and even integrity can be put at risk, and that adequate access control must be in place. In this context, cloud implementations have to conform to existing legal standards, but they also challenge these. For example, new approaches have emerged for identifying persons and roles and linking them to access privileges, such as identity-, attribute-, claims- and data-based access control. We will discuss challenges of the cloud to the notions of identity, privacy and accountability, their legal, ethical, and architectural implications, and possible solutions.
  2. Simulating physical constraints in the cloud
    In the cloud, we cannot easily enforce where data is stored and how long, and from where it is accessed. Location-based access control aims at limiting access to specific locations, thereby seemingly putting physical limitations back in place. Measures proposed include use of GPS, trusted platform modules (TPMs), but also physically unclonable functions (PUFs). Also, data could be moved away from attacks. With respect to time, mechanisms have been proposed to assure deletion of data in the cloud (e.g. Vanish, Ephemerizer). We will assess to which extent these approaches are sufficient to simulate physical constraints, and which extensions are possible.
  3. Misuse detection
    Many methods have been proposed for intrusion detection, penetration testing and digital forensics. Are these sufficient for cloud environments? The seminar will identify necessary adaptations to system and threat models as well as security metrics, to adequately indicate which attacks are possible and which are actually happening, and thereby reduce cybercrime.
  4. Splitting the clouds
    Public clouds, containing data from different parties, are not deemed suitable for particularly sensitive information. This means that decisions will have to be made about which data to put in the cloud and which data not, which security properties to outsource and which not, and how to make sure that the entire system conforms to the security requirements. The seminar will propose suitable architectures for “splitting the clouds”. For example, in “security-as-a-service”, not only IT infrastructure is rented, but also the security that is added to it. For authentication this seems to work pretty well, but how far can this concept be stretched to other security properties such as confidentiality and integrity?

Processing encrypted data was discussed in the parallel seminar 11491 Secure Computing in the Cloud. This report covers the results of the seminar on Secure Architectures in the Cloud, abstracts of presentations, and proceedings of the working groups. The topics have been restructured during the seminar, and we will refer back to the topics originally proposed where appropriate. Several follow-up initiatives have been assigned to the participants.


  • Security / Cryptography
  • Modelling / Simulation
  • Sw-engineering


  • Cloud computing
  • Security architectures
  • Security modelling
  • Cryptology


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.