Secure Data Processing in the Cloud

Secure cloud computing is key for business success and end-user adoption of federated and decentralised cloud services and thus essential to stimulate the growth of the European Digital Single Market. RestAssured will provide solutions to specific technical concerns of data protection in the cloud (such as geo-location restrictions on personal data), which are imposed by the dynamic, multi-stakeholder and decentralized nature of federated cloud systems.

These concerns mean that privacy and security by design approaches will no longer be sufficient, due to uncertainty at design time of how the cloud and privacy requirements may dynamically evolve and change at run time. To this end, RestAssured provides novel mechanisms and cloud architectures for the runtime detection, prediction and prevention of data protection violations.

RestAssured will assure the protection of sensitive business and citizen data in the cloud by combining four pillars of innovation: (1) combination of fully homomorphic encryption to process data without decryption, with cloud enablement of SGX hardware for protected data processing; (2) sticky policies for decentralized data lifecycle management; (3) models@runtime for data protection assurance; (4) automated risk management for run-time data protection.


The applicability and usefulness of the RestAssured solutions will be demonstrated through three use cases driven by project partners and involving other stakeholders from outside the consortium; High-Performance Computing for commercial enterprises; Pay As You Drive usage-based insurance; and self-directed social care for vulnerable adults and social care providers. The main impact of RestAssured will be to enable the free and seamless movement of data within the EU, whilst assuring conformance to data protection regulations, such as the EU Data Protection Directive and its successor the General Data Protection Regulation.



ICT-06-2016: Cloud Computing 

Project Type

Research and Innovation Action


01.01.2017 – 31.12.2019

Principal Investigator

Paul Mundt

european flagThis project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731678.

Adaptant's Role in the Project

As a consortium member, Adaptant is taking the lead role in technology use case validations. The use cases include:

  • automobile usage-based insurance (UBI), which focuses upon GDPR regulatory compliance of connected car telematics;
  • a health care application handling sensitive personal data securely and legally (GDPR compliant) within public cloud infrastructure (led by consortium partner OCC);
  • a High-performance computing (HPC) use case for leveraging the cost benefits of public cloud infrastructures against the need to secure highly sensitive corporate data and analysis results.

Owing to the cross-disciplinary reach and diversity of the use cases, contributions will be made to the overall project architecture, testbed, and methodology. Technical contributions will focus not only on the secure cloud data processing and execution environment, but also on decentralized data lifecycle management. Adaptant will also contribute to the exploitation of project results, innovation management, and standardization activities beyond the time horizon of the project.   

Project Deliverables

D1.1 - POPD - Requirement No. 1

D1.2 - Requirement No. 5 - Ethics

D2.1 Project Management and Quality Assurance Handbook

D3.1 - Initial High Level Architecture

D3.2 - First High Level Architecture & Methodology

D4.1 - Conceptual Foundation of the RestAssured Secure Enclave

D5.1 - Concept for End-User Privacy Policy Violation Detection

D6.1 - Methodology for Decentralized Data Lifecycle Management

D7.1 - RestAssured Security and Privacy Engineering Methodology

D8.1 - First Validation Plan

This report presents the stakeholders and user stories of the RestAssured project use cases, together with the requirements and initial validation plans for each. This report feeds back into the core RestAssured architecture, platform and methodology as well as the technical RestAssured work packages concerning the design and implementation of each of the project’s pillars of innovation.


D8.2 - First Validation Results

The purpose of this report is to present the preliminary validation results of the RestAssured solution and technologies, both individually as standalone components, as well as through their integrated application in a diverse set of project use cases, building on the initial use case validation plan outlined in D8.1.

D9.2 - Impact Plan

D9.3 - First Impact and Innovation Management Summary Report

Consortium Members