Consor;um (partners) ARES conference Toulouse, 24 August 2015

Transcription

1 1

2 2

3 3

4 Consor;um (partners) 4

5 The honest- but- curious CSP model (cloud service provider)? 5

6 an attack tolerant framework Ambi;on in the context of honest-but-curious CSPs preserving the benefits associated with the cloud Attack and intrusion resilient Able to recover quickly Following a standard architecture based on a variety of security mechanisms Appropriate and computationally feasible in cloud environments New security techniques? Adjustment and refinement of available methods? under the control of cloud users Defining the security policy they want to apply to their data preserving typical cloud functionalities Cost savings Ubiquitous access Data storage Data retrieval Data transformation 6

7 Innova;on data encryption Encrypt data before passing them to the cloud provider Switch back to on-premises software (proxy or gateway) provide new efficient and functionalitypreserving encryption techniques explore and use other data obfuscation methods (than systematic encryption) data splitting Distribute a database to different servers Cloud providers collaboration needed enable interoperability between heterogeneous CSPs providing similar services data anonymisation Search sensitive piece of information in documents (different methods) Remove or obfuscate them adapt data anonymisation methods for the cloud research efficient, feasible and functionality preserving data anonymisation methods 7

8 Technical solu;on (one user) Cloud Service Provider 2 data set 4 transformed search obfuscated results data set search query clear results 8

9 Technical solu;on (two users) Cloud Service Provider 2 data set 4 transformed search obfuscated results 5 modif data 8 CLARUS 1 collaboration data set search query clear results modif data 9

10 Organisa;on Project management User and technical Requirements Security and privacy framework Architecture design CLARUS implementation Evaluation, testing and validation Dissemination exploitation communication all partners 10

11 Applica;on cases for CLARUS 11

12 CLARUS for e- Health Protecting medical records Supporting different HIS standards Supporting privacy-preserving clinical research Protecting confidentiality of Electronic medical records Preserving performance of the computation process with security techniques 12

13 CLARUS for Geo- Data Protecting geographical objects and scientific data Supporting different GIS formats Securing OGC standards (Web Feature Service WFS) Protecting privacy of personnel on ground Securing OGC standards (Web Map Service WMS) Preserving performance of the computation process with security techniques 13

14 Key technical requirements a proxy running on trusted local premises configurable by a dedicated actor (the IT security manager) delivers appropriated counter-measures, depending on the intrusion type encountered integrated in the IT system of the organization (access control and security policy management) supports multi-usage scenarios of outsourcing data to the cloud (store, search, compute, etc.) helps the security manager to select the most appropriate security techniques includes a monitoring solution with attack prevention and detection tools can also be part of the CLARUSadopting cloud provider providing an API to process protected data on the cloud 14

15 Monitoring requirements Intrusion Prevention system list of security incidents definition of dedicated countermeasures Monitoring and attack management tool Intrusion Detection system list of metrics and indicators definition of rules to detect incidents web-based report real-time notification of an intrusion Manual/ automated countermeasures depending on the attack type detected Restore back-up state in case of failure of one or several CLARUS proxies 15

16 Legal and ethical aspects By default my data should be unreadable if there is a data leak. Any request to delete personal data should be respected. CLARUS end-user I want the processing of personal data to be transparent so that I am aware of the nature of the processing. The system should be designed to prevent any unauthorized access. The data minimization principle should be respected. The system should not collect data which are not necessary to fulfill its purpose. cf. EU Directive 95/46/EC The storage of personal (sensitive) data on the CLARUS-adopting CSP must be secure. Security manager Personal data must be protected throughout the entire lifecycle. 16

17 More on CLARUS 17