Project Description

  • Start date: 01/11/2013
  • End date: 30/10/2016
  • Duration (months): 36


  • Total budget: € 10.500.000
  • Lab Budget: € 278.400
  • Number of partners: 18
  • Partners: Technikon Forschungs und Planungsgesellschaft mbH, SAP AG, Technische Universitaet Darmstadt, Alexandra Instituttet A/S, Arcelik A.S., Bar Ilan University, Cybernetica AS, Julius-Maximilians Universitaet Wuerzburg, Intel GMBH, Katholieke Universiteit Leuven, INESC Porto – INstituto de Engenharia de Sistemas e Computadores do Porto, Aarhus Universitet, Technische Universiteit Eindhoven, University of Bristol, DTA – Distretto Tecnologico Aerospaziale, Università degli Studi di Milano, Partisia, Georg-August-Universitaet Goettingen Körperschaft des oeffentlichen Rechts.
The mission of PRACTICE (GA 609611) is to design cloud computing tech­nologies that allow computations in the cloud while keeping the input data secret thus enabling new business processes. Unlike today – where process participants can access sensitive data – PRACTICE will prevent cloud providers and other unauthor­ized parties from obtaining secret or sensitive information.

Information processed by businesses, government organizations and individuals often comes with confidentiality and integrity requirements that the processing party must adhere to.

Cloud services promise great benefits in terms of financial savings, easy and convenient access to data and services, as well as business agility. Organizations and individuals outsource their data to the cloud, where an untrusted party is in charge of storage and computation. A major concern for the adoption of cloud computing is the inability of the cloud to build user trust in the information security measures deployed in cloud services. Common computing techniques cannot be applied on encrypted data, and therefore the data and the applications that compute on the data must be decrypted before being run in the cloud infrastructure.

A comprehensive solution for securing the cloud computing infrastructure can be based on cryptographic mechanisms of secure computation. These mechanisms support computation on encrypted data. Several settings need secure computation.

PRACTICE will address all of these settings:

  • Hiding user data from other users of the same cloud service.
  • Hiding user data from the cloud provider.
  • Securing computation between several servers.
  • Securing computation between untrusting parties.
  • Provide modern and novel technologies for secure compu­tation on encrypted data, allowing the data owners to fully utilize the economies of scale provided by cloud computing while protecting their data from cloud provider insider at­tacks.
  • Create a secure cloud framework allowing for the realisa­tion of advanced but practical cryptographic technologies that are integrated in virtualised environments to provide ef­ficient and sophisticated security and privacy guarantees for users and providers of cloud-based services while reducing trust in the cloud provider to the utmost extent.
  • Develop models and techniques to quantify the return on investment for security investment for the deployment of secure computation algorithms. The model will allow for computing the risk landscape associated with outsourc­ing data and computation, and simulate different scenarios where both the investment in security and the required secu­rity level associated with the data can be changed.
  • Evaluate the legal aspects related to the outsourcing of data and of computation to the cloud beyond national and European boundaries, and establish guidelines.
The Laboratory contributes to the project proposing and developing a pilot case: the coordination of the aeronautic supply chain, with a specific focus toward the optimization of the maintenance of aeronautic engine, known as ‘fleet management’.

In this scenario, the fleet management service provider has to optimize the service on a number of customers that compete each other, aligning the customer needs (identified by the engine work status) to the internal on going and planned activities and to the status of the spare parts inventory.

The research activities has flown as follow:

  1. Design of the process of fleet management and analysis of security requirements,
  2. Identification of functional and security requirements for a cloud planning system targeted at the whole supply chain,
  3. Identification of a methodology for measuring the sensitivity of data involved in the optimized plan computation,
  4. Measuring the sensitivity through a survey of the industrial staff,
  5. Identification of a pilot case,
  6. Preparation of assessment framework to evaluate the business impact of the PRACTICE prototype,
  7. Execution of the pilot case by leveraging industrial data,
  8. Evaluation of the quality of the results.

For more information please contact: Antonio Zilli (