Like coding on clouds.

Your work is safe with Secure Cloud's services. As is coded directly in the cloud.

What is Secure Cloud

SecureCloud is an ecosystem of cloud facilities characterized by superior security guarantees, providing protection from attacks by privileged users (e.g. the cloud provider or the system administrator) and software (e.g. the hypervisor). Protection relies on new security extensions recently introduced into commercially available off-the-shelf CPUs. The current implementation is based on Intel SGX, but support for additional platforms might become available in the future. SecureCloud is customizable, since it enables developers to build a cloud-based computing environment based on SGX-enabled containers that matches their personal preferences. SecureCloud is modular, because it allows developers to pick and use only the features that they need/want. SecureCloud is flexible, since it can satisfy a wide range of customers-specific requirements including big data processing, secure intra-cloud communication, precise microservice scheduling and reliable data storage. SecureCloud is interoperable, in that its facilities can be seamlessly integrated with best of breed offerings from the Open Source community

Platform Services


TaLoS:iEfficient TLS Termination Inside SGX Enclaves for Existing Applications


LibSEAL uses the TaLoS library described abobe to securely log all requests and responses sent to a microservice.


SGX-Spark is a modified version of the Apache Spark framework, which runs compute tasks inside of SGX enclave.


SCONE is a platform to build and run secure applications with the help of Intel SGX (Software Guard eXtensions).

Secure Map Reduce

Secure Map Reduce is a proof-of-concept map-reduce implementation specially tailored for small- to medium-footprint batch processing micro-services.


“CodingLib-SGX” is an erasure coding library for Random Linear Network Coding (RLNC) designed specifically for SGX.

Secure Streams

Secure Streams is a middleware framework for developing and deploying secure stream processing on untrusted distributed environments.

Secure Key-Value Store (KVS)

This outputs key differentiators compared to existing distributed key-value stores are security provided by a combination of SGX and coefficient and/or data encryption

SGX-enabled OpenStack

The usage of SGX, be it directly in an application or through SGX-based microservices, requires that the cloud environment adequately supports and exposes the SGX resources.

SGX-aware Kubernetes scheduler

Kubernetes is an open-source project to automatically deploy, scale in and out, and manage containerized applications on computer clusters.

Secure Content-Based Routing (SCBR)

Secure Content-Based Routing is a message-passing service based on the publish-subscribe paradigm.

Kubernetes-based HTC framework for secure big data processing

These tools and configurations that enable users to build applications that can process large amounts of data in a deadline-aware scalable fashion that also supports the confidentialities aspects provided by the SecureCloud project.

Infrastructure Services


Scheduling and Orchestration: SGX-enabled VMs and containers, as well as the orchestrations of these resources. SGX capabilities are not typically exposed by cloud management platforms, thus cloud providers wanting to enable SGX for their customers need to consume such SecureCloud services to provide SGX capabilities.


Attestation and Trust Management: the SCONE configuration and attestation service provides mechanisms for attestation and the fine-grained control in the sharing of secrets between applications (e.g., credentials, certificates) It also integrates with cloud platforms, especially with OpenStack services. Nevertheless, in contrast to regular OpenStack services, the security boundaries are controlled by the signatures of applications, and not only by roles and credentials informed to these applications and that can be stolen by attackers.


Auditing: Combines SecureCloud superior facilities in terms of Data Management and Storage, Distributed Communication, Big Data Processing, and Distributed scheduling to produce accurate, reliable, and timely records of actions.


Monitoring: adds SGX related metrics to platforms such as OpenStack and Kubernetes, which are not exposed by the regular SGX drivers and also not made available to the user of cloud monitoring tools.

Meet our customers and users

While typically users are defined via formal description of their profiles, in this document we describe the SecureCloud potential users in a “story telling” approach, using fictitious characters to convey the
main focus of the scenarios, and the fact that SecureCloud takes a user centric approach. Therefore, for each scenario, the use case evaluates how SecureCloud addresses a customer’s challenge, by opposition to a technology driven approach where the scenario would be defined by selecting specific technical capabilities.


C/C++ developer.

She learns that SecureCloud provides extensive support for
C/C++. Thus, she decides to use SecureCloud for writing her applications.



 She learns that SecureCloud provides efficient support for Go, and she decides to use SecureCloud for running her applications.



He starts using SecureCloud for providing his Java applications with better security guarantees. When he finds out SecureCloud has also advanced orchestration and data management features, he decides to use SecureCloud as an environment for all his applications.

Service and utility providers

PA Services

Municipality of Neuchatel is in charge of filing applications from citizens and enterprises for construction authorization. The PA wants to support interaction between expert and non-expert employees. This involves gathering very sensitive documents from applicants (both paper-based and paper-less), extracting relevant information, feeding it to the information system of the municipality, interfacing with offices and employees (of the municipality and possibly of other PA organisations) as well as with the public. To this aim, the Municipality wants to adopt a PA construction management service widely used in the Country, and offered by a third party provider. The Municipality is informed of the SecureCloud project, and it’s very excited about the advantages that will be brought to them by SecureCloud services. Particularly, the Municipality wants to be informed about integrity violations of the cloud service without the need to trust the service operator. SecureCloud allows to secure the service by constructing secure requests and responses exchanged between clients and the Internet service, and periodically checks for integrity

Music Streaming Service

MusicStreaming provider offers free music storage to customers who bought a music streaming service. The provider is interested in complying with privacy restrictions. The provider is informed of the SecureCloud project. The provider is exited to know that using SecureCloud services, he can implement GDPR restrictions as well as providing privacy for the users by only storing protected fragments of the data in each location they are created and accessed.

In Loco

The company collects data from the location of its users to profile regions and offer contextualized ads. It is concerned about the sensitivity of the data and the growing concerns from users about privacy and security. The company is investigating how to use SecureCloud services to host its application that handle directly handle sensitive data

Latest News


Targeted meeting to Technetic

Targeted meeting to Technetic 150 150 SecureCloud

SyncLab had a targeted meeting on February 2019 in Padua, presenting SecureCloud results to a prospect customer (Technetic, The company has shown interest in the SyncLab pilot application as…

Secure Cloud on Agenda Digitale

Secure Cloud on Agenda Digitale 150 150 SecureCloud

Prof. Luigi Romano (SyncLab) published an article about SecureCloud results on the Italian portal Agenda Digitale, the reference blog for Italian innovation:

CyberTech 2016

CyberTech 2016 150 150 SecureCloud

Prof. Romano served as a panelist for CyberTech 2016 organized by IEC:

Get in touch