The ERC Starting Grant Confidentiality-preserving Security Assurance (CASCAde), GA no. 716980, asks a simple question:
How can we convince others that a system is secure without giving the game away by disclosing its blueprint?
Thereby, paradoxically, CASCAde marries properties of security and integrity with confidentiality, which are often at odds with each other.
This question is especially relevant when a system is virtual, such as computing or storage resources in the Cloud. There, a cloud provider is hosting the resources of tenants. Naturally, the tenants would like assurances that their resources are kept secure, ideally in a way that lets them verify those assurance claims. For instance, a tenant might require that the tenant's resources are kept isolated from other tenants or that they are distributed over different geo-locations to protect them in case of disaster. At the same time, other tenants and the cloud provider will be adamant that their own resources stay undisclosed and that the overall blueprint of the system as a whole stays confidential.
CASCAde aims at creating a step-change from initial host-based security assurance, which offered some confidentiality properties with tools such as Direct Anonymous Attestation (DAA), over topology-based security assurance, which offered a range of topological security assurances but ignored confidentiality and privacy, to a confidentiality-preserving assurance of a system as a whole.