Panagiotis Rizomiliotis University of the Aegean, Greece. Effectsplus 1st technical cluster meeting March 29th & 30th 2011

Transcription

1 Panagiotis Rizomiliotis University of the Aegean, Greece Effectsplus 1st technical cluster meeting March 29th & 30th 2011

2 Title of the Project: Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments Starting date End date: 01/06/ /05/2012 Duration : 24 months Total Budget: 3,580, Project Manager: Charalabos Skianis (U. of the Aegean, CCSL) Links: &CAT=PROJ&RCN=

3 Beneficiary Number Beneficiary name Beneficiary short name Country 1 (Coordinator) University of the Aegean AEGEAN GR 2 ANECT ANE CZ 3 Atos Origin ATO ES 4 Engineering Ignegneria Informatica ENG IT 5 Thales Research and Technology TRT UK 6 Technical University of Dresden TUD DE 7 University of Malaga UMA ES 8 Waterford Institute of Technology WIT IE

4 The PASSIVE consortium is wellbalanced among: RI (Research Institutes WIT), HE (High Education AEGEAN, TUD, UMA), CP (Companies ATO, ENG, TRT), SME (ANE).

5 PASSIVE is motivated by the following issues: High demand for the support of large applications (e.g., in e-government ) in an efficient and secure manner; Hands-on experience on Virtualised service platforms, cloud computing and security in similar environments PASSIVE proposes an improved model of security for such virtualised systems to ensure that: adequate separation of concerns (e.g. policing, judiciary) can be achieved even in large scale deployments, threats from co-hosted operating systems are detected and dealt with; public trust in application providers is maintained even in a hosting environment where the underlying infrastructure is highly dynamic.

6 The PASSIVE project proposes to: Investigate the unique virtualisation requirements for e- Government applications. Identify e-government security requirements and propose solutions to security/privacy challenges that are hindering the adoption of virtualisation technologies by European governments and associated agencies. Develop a framework for the secure deployment of virtualisation technology in e-government scenarios, in consultation with an appropriately constituted advisory board. Enhance the state-of-the-art in virtualisation security by designing and creating a prototype implementation of a policybased hypervisor security management tool.

7 Use Case 1 Secure Integrated Transport Information and Ticketing Use Case 2 Desktop virtualisation in the minister s office Use Case 3 Transferred field of power Use Case 4 evisor Tool

8 The project will evolve along certain main activities: An initial specification activity with the identification of indicative use cases and a set of both legal and end-user requirements that will identify the key technological challenges that PASSIVE will face. Emphasis will be given on sensitive electronic governmental applications that take advantage of virtualisation technologies These requirements will feed the Architecture and Design activity. The proposed Architecture will be implemented, tested and validated. The NOVA microhypervisor will be the base of the implementation. The technological activities will be framed by activities of scientific dissemination and commercial exploitation.

9 To achieve the goal of providing an improved model of security for virtualised systems PASSIVE will focus on: Resource virtualisation for fine-grained access control to all physical resources (lightweight resource virtualisation layer, tiers of access control & dynamic change of tier for a service) ; Lightweight Authentication and Accounting to manage large numbers of applications and resources present in large scale distributed VM services; Policy-based Security Management that will translate user requirements into actions and will also detect and flag conflicting requirements to be resolved by other control entities; Low footprint VM Monitoring that will support analysis and filtering functions in order to minimise successful attacks on the virtualisation software itself; Dynamic adaptation of security level to cater for unexpected and potentially malicious accesses; Tools and procedures to ensure the right addressing of legal issues and certification of virtualised infrastructure.

10 Join us for IEEE CloudCom 2011 Athens, Nov. 29 December 1,