PerfectDedup is a new scheme that enables the cloud to securely deduplicate redundant data when it is encrypted. PerfectDedup relies on the use of different encryption techniques based on the popularity of the data: Popular data are protected under convergent encryption and can therefore be deduplicated; unpopular data segments which are likely to remain unique are protected under semantically-secure symmetric encryption.

Container Isolation

Container Isolation component preserves confidentiality of sensitive data in a containerized virtual environment. By exploiting Docker’s layered filesystem users can securely manipulate images throughout their life cycle. The component can secure both data on disk, by encrypting/decrypting on the fly, and data migration by enhancing the image distribution process.

TREDISEC@ISSE17: "How to reconcile cloud efficiency with security & privacy"

Only four months left to finish TREDISEC!

It has been a long way, but the time has come. We are in the final countdown and we have obtained awesome results along this tough but exciting period. So let's start showing off!

In order to do that, we have chosen the conference ISSE: The future of Digital Security & Trust. The TREDISEC workshop took place in the morning of the second day of the conference and was titled "How to reconcile cloud efficiency with security & privacy". This is our mantra and we wanted to get across the message that TREDISEC provides the necessary means to achieve it.

IBM data ownership toolkit

Proof of Ownership (PoW) is a cryptographic protocol that regulates the interactions between a prover and a verifier. The protocol is usually executed in the context of a storage outsourcing scenario, where the prover is the client and the verifier is the (storage) service provider.


EPICA (Efficient and Privacy-respectful Interoperable Cloud-based Authorization) is a software implementation that controls access to resources (either services or data) in multi-tenant cloud environments. EPICA supports an ABAC-based model that extends XACML policies to represent trust relationships between tenants (so called “tenant-aware XACML policies”) in order to govern cross-tenant access to shared cloud resources.

Secure Data Migration Service

The second primitive chosen to illustrate the results obtained along TREDISEC project in our corporate blog is Secure Data Migration service.

Our Secure Data Migration Service allows companies to securely outsource databases such as those used by enterprise resource planning software into the cloud. All sensitive data is stored encrypted in the cloud and all keying material for decryption is kept solely at the company. Despite encryption, our solution preserves the ability to execute arbitrary database queries.

Secure Deletion Primitive

We start this series of articles about the primitives developed in TREDISEC project with Secure Deletion.

The key feature of the Secure Deletion primitive is to allow users to retain more control over their data. Once a user decides to securely delete data, it is irrecoverably deleted. Thereby, secure deletion provides privacy and compliance with existing data retention laws. We provide a new multi-user secure deletion solution.

How TREDISEC will contribute to data security and storage efficiency in the cloud

Cloud computing has changed both business and everyday life, that’s a fact. Its technological capabilities offer numerous opportunities to cut costs, drive business innovation, and enable new consumer services. On the other hand, a successful attack to critical cloud services, which might slow-down or interrupt services as well as leave data in-flight or at-rest completely exposed to non-authorized parties, could derive into contractual obligations or regulatory compliance violation, resulting in reputation, financial loss, and ultimately, even loss of lives in the case of health or defence critical systems. And suffering such an attack is not an unlikely possibility at all. Not anymore.