Stefan Schoenen, Zoltán Ádám Mann, Andreas Metzger: Using risk patterns to identify violations of data protection policies in cloud systems. In: 13th International Workshop on Engineering Service-Oriented Applications and Cloud Services (WESOACS 2017)


We present a model-based approach for identifying violations of data protection policies at run-time. Key elements of our approach are (1) a run-time model to represent the actual cloud system and its stakeholders at runtime, and (2) risk patterns that commonly appear in the context of data protection issues. Our approach aims to find instances of these risk patterns in the run-time model.


Zoltán Ádám Mann: Resource optimization across the cloud stack. In: IEEE Transactions on Parallel and Distributed Systems, volume 29, issue 1, pages 169-182, 2018


This paper addresses the joint optimization problem of mapping application components to virtual machines and mapping virtual machines to physical machines, taking into account sizing aspects, colocation constraints stemming from data protection issues, license costs, and hardware affinity relations.


Zoltán Ádám Mann, Andreas Metzger: The special case of data protection and self-adaptationIn: IEEE/ACM 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2018)



We consider the interplay between data protection and self-adaptation and argue that (i) self-adaptation may facilitate the efficient protection of sensitive data; (ii) data protection has peculiar properties that make its treatment different from other quality attributes; and (iii) data protection should be considered in combination with other quality attributes like performance and costs.


Zoltán Ádám MannCloud simulators in the implementation and evaluation of virtual machine placement algorithms. In: Software: Practice and Experience



This paper investigates the impact of the choice of cloud simulator on the implementation of cloud resource optimization algorithms and on the evaluation results. In particular, we report our experiences with porting an algorithm and its evaluation framework from one simulator (CloudSim) to another (DISSECT-CF).


Zoltán Ádám Mann, Andreas Metzger, Stefan SchoenenTowards a run-time model for data protection in the cloud. In: I. Schaefer, D. Karagiannis, A. Vogelsang, D. Méndez, C. Seidl (Eds.): Modellierung 2018. Gesellschaft für Informatik e.V., pp. 71-86, 2018


To foster a model-based approach to detecting and mitigating data protection violations in cloud systems, this paper proposes a meta-model of cloud systems. The meta-model includes technical components from infrastructure, middleware, and applications, but also further concepts describing data and stakeholders. This makes it possible to reason about all the socio-technical aspects relevant for protecting sensitive data.


Sevil Dräxler, Holger Karl, Zoltán Ádám Mann: Joint Optimization of Scaling and Placement of Virtual Network Services. In: IEEE/ACM 17th International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2017, Madrid, Spain, 2017, IEEE Computer Society, 2017.


This publication describes a new method and new algorithms for adaptively scaling and placing virtualized network functions (e.g., firewall, deep packet inspection, anti-virus, parental control) and their data flows in the cloud.


Zoltán Ádám Mann, Andreas Metzger: Optimized Cloud Deployment of Multi-tenant Software Considering Data Protection Concerns. In: IEEE/ACM 17th International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2017, Madrid, Spain, 2017, IEEE Computer Society, 2017.


This publication addresses the question of how secure hardware enclaves as part of cloud servers may increase the optimization possibilities of cloud providers. New algorithms are proposed to take advantage of such capabilities with the aim of ensuring data protection and minimizing costs simultaneously. Experimental results suggest that even a small percentage of secure hardware enclaves may lead to significant cost savings.


Zoltán Ádám Mann: Two are better than one: An algorithm portfolio approach to cloud resource management. In: Proceedings of the 6th European Conference on Service-Oriented and Cloud Computing (ESOCC 2017), Springer LNCS vol. 10465, pp. 93-108, 2017.


This paper suggests an algorithm portfolio approach in which multiple algorithms for dynamic optimization of resource allocation in virtualized data centers coexist. Based on continual monitoring and analysis of the state of the data center, the optimization algorithm that is most suitable is chosen on the fly. Thereby, the balance between optimization quality and reaction time can be tuned adaptively. Empirical results show that this approach leads to improved overall results.


Mann, Zoltan (UDE), Salant, Eliot (IBM), Surridge, Mike (IT Innovation), Ayed, Dhouha (Thales), Boyle, John (OCC), Heisel, Maritta (UDE), Metzger, Andreas (UDE), Mundt, Paul (Adaptant): Secure Data Processing in the Cloud. ESOCC EU Workshop, 27 September 2017, Olso.


Other Papers

Alexander Palm, Zoltán Ádám Mann, and Andreas Metzger: Modelling Data Protection Vulnerabilities of Cloud Systems using Risk Patterns (Technical Report)


Julian Bellendorf and Zoltán Ádám Mann: Cloud topology and orchestration using TOSCA: A systematic literature review. Technical Report, 2018

Public Deliverables


D2.1 – Project Management and Quality Assurance Handbook


D3.1 – Initial High Level Architecture


D3.2 – First High-Level Architecture & Methodology


D4.1 – Conceptual Foundation of the RestAssured Secured Enclave


D5.1 – Concept for End-User Privacy Policy Violation Detection


D6.1 – Methodology for Decentralized Data lifecycle Management


D7.1 – RestAssured Security and Privacy Engineering Methodology


D8.1 – First Validation Plan


D9.1 – Data Management Plan


D9.2 – Impact Plan


D9.3 – First Impact and Innovation Management Summary Report