SciTransfer
SERECA · Project

Hardware-Level Cloud Security That Protects Your Data Without Trusting the Cloud Provider

digital · Tested · TRL 5

Imagine renting a storage unit but the facility owner has a master key — you'd never store your most sensitive documents there. That's basically how cloud computing works today: your data sits on someone else's servers, and you have to trust them not to peek. SERECA built a kind of tamper-proof lockbox inside the cloud server's own processor chip, so your applications can run securely even if the cloud provider itself is compromised. They tested this with real-world scenarios including monitoring a city water supply network and analyzing performance data for cloud-hosted software.

By the numbers

EUR 3,834,340: EU contribution for secure cloud enclave R&D
8: consortium partners across 4 countries
50%: industry ratio in the consortium
2: industry-led use cases validated
15: total project deliverables produced

The business problem

What needed solving

Companies moving sensitive operations to the cloud face a fundamental trust problem: they must rely on cloud providers to protect their data, yet have no way to verify that trust. For critical infrastructure like water supply networks and for SaaS companies handling sensitive customer metrics, a breach or insider threat at the cloud provider level can expose everything. Current encryption solutions protect data in transit and at rest, but data must be decrypted for processing — leaving it vulnerable at the moment it is most useful.

The solution

What was built

SERECA built a three-layer secure cloud platform: system support for secure enclaves using commodity CPU hardware, operations management for distributed secure enclaves across multiple data centres, and an application management layer for secure reactive cloud applications. All three layers reached final implementation and evaluation, validated through a water supply monitoring use case and a SaaS performance analytics use case.

Audience

Who needs this

Water utilities and critical infrastructure operators needing tamper-proof cloud monitoring
SaaS providers collecting sensitive customer performance and usage data
IoT platform companies handling personal or industrial sensor data across borders
Healthcare and financial services companies with strict data residency requirements
Defence and government contractors requiring cloud computing without trusting the provider

Business applications

Who can put this to work

Water and Critical Infrastructure
enterprise
Target: Water utilities and critical infrastructure operators

If you are a water utility company dealing with the risk of cyberattacks on your monitoring systems — this project developed secure enclaves running on commodity CPU hardware that protect sensor data and control signals even if the cloud infrastructure is compromised. SERECA specifically validated this with a civil water supply network use case, addressing threats from malicious attacks on critical infrastructure.

Cloud Software and SaaS
any
Target: SaaS companies handling sensitive customer performance data

If you are a SaaS provider collecting sensitive performance metrics from customer deployments — this project built a secure enclave platform that protects those assets from industrial espionage and criminal activity. SERECA validated this exact scenario as one of its two industry-led use cases, ensuring that live usage data stays confidential even from the cloud operator hosting the service.

IoT and Cyber-Physical Systems
mid-size
Target: IoT platform providers and industrial IoT integrators

If you are an IoT platform company managing highly interactive, data-intensive applications that handle sensitive personal or operational data — SERECA developed cloud platform architecture with secure enclaves specifically designed for reactive applications spanning multiple data centres. The system supports regulatory-compliant data localisation across distributed deployments.

Frequently asked

Quick answers

What would it cost to implement this secure enclave technology?

The project received EUR 3,834,340 in EU funding across 8 partners over 3 years, giving a sense of the R&D investment required. Based on available project data, specific licensing or per-unit costs are not disclosed. Implementation costs would depend on your cloud infrastructure and the scale of deployment.

Can this work at industrial scale across multiple data centres?

Yes, the architecture was explicitly designed for distributed deployments spanning multiple cloud data centres. SERECA built and evaluated components for managing distributed secure enclaves, as documented in their final deliverables covering operations on distributed secure enclaves.

What is the IP and licensing situation?

The project consortium included 4 industry partners and 2 SMEs alongside 3 universities, coordinated by Technische Universitaet Dresden. Based on available project data, specific IP licensing terms are not publicly disclosed. Interested companies should contact the consortium through SciTransfer for licensing discussions.

Does this comply with data localisation regulations like GDPR?

SERECA explicitly addresses regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres while keeping data sovereignty intact. This was a core design goal, not an afterthought, making it relevant for companies subject to GDPR or sector-specific data residency requirements.

How mature is this technology — is it ready to deploy?

The project produced final design and implementation deliverables for all three core layers: system support for secure enclaves, operations on distributed secure enclaves, and management of secure reactive cloud applications. Two industry-led use cases were validated, but this remains at the tested/demonstrated stage rather than being a turnkey commercial product.

Can this integrate with existing cloud infrastructure?

SERECA was designed to exploit secure commodity CPU hardware, meaning it works with standard server processors rather than requiring specialised equipment. The cloud platform architecture was built for integration with existing cloud deployments, as described in their final system support deliverable.

Consortium

Who built it

The SERECA consortium of 8 partners from Germany, Ireland, Italy, and the UK has a balanced 50% industry ratio with 4 industry partners (including 2 SMEs) and 3 universities, coordinated by Technische Universitaet Dresden. This mix signals that the technology was developed with real commercial input, not just academic theory. The presence of industry partners who contributed use cases — water infrastructure monitoring and SaaS performance analytics — means the research was shaped by actual market needs. For a business considering this technology, the consortium composition suggests mature engineering with practical validation, though the academic coordination means commercialisation would likely require a technology transfer or licensing arrangement.

How to reach the team

Technische Universitaet Dresden, Germany — contact through SciTransfer for introductions

Next steps

Talk to the team behind this work.

Want to explore how SERECA's secure enclave technology could protect your cloud applications or critical infrastructure? SciTransfer can arrange a direct introduction to the research team and help evaluate fit for your use case.