How can security requirements of critical Infrastructure IT shape Cloud Computing research?

Transcription

1 SEcure Clud cmputing fr CRitical Infrastructure IT Hw can security requirements f critical Infrastructure IT shape Clud Cmputing research? Dr. Markus Tauber [email protected] Austrian Institute f Technlgy (AIT) 25/04/2013 AIT Austrian Institute f Technlgy ETRA Investigación y Desarrll Fraunhfer Institute fr Experimental Sftware Engineering IESE Karlsruhe Institute f Technlgy NEC Eurpe Lancaster University Mirasys Hellenic Telecmmunicatins Organizatin OTE Ayuntamient de Valencia Amaris

2 What d we mean when we say: Clud Private Public Elasticity Scalability Critical Infrastructure Legal Requirements EU data prtectin SLA Clud Behaviur Resilience Anmaly Detectin Security and Safety Cludificatin SECCRIT Cnsrtium 2

3 Prblem Definitin Everything ges clud Cnsumer data like ur s r phts (ggle mail and ther ggle services) Data base applicatins, especially when expsed t unpredictable lad peaks Gvernmental Data Centres peer with each ther and create private cluds Sn all kinds f applicatins (inc. CI) withut us nticing it. Requirements fr clud applicatins vary Cmmercial nes mainly t deal with lad peaks and t get n-demand hardware resurces (scalability & elasticity) Requirements in CI regarding verall redundancy, data availability, authenticity, secure access are typically higher than in cmmercial applicatins. What is the prblem? Clud services are per definitin paque and make it hard t determine reasns fr failure and hence make the develpment f cuntermeasures hard This als implies that it is hard t determine wh s fault it is SECCRIT Cnsrtium 3

4 CI in the Clud Regulatry Issues Safety Issues (unlike ther clud services CI failure results in catastrphe, cascading effects) Security Issues Resilience's Issues Legal Issues EU Data Prtectin Stringent Regulatry Requirements Which data needs what level f prtectin Increased Awareness and visibility 7/24 availability Cnvergence f user cncerns and CI pririties SECCRIT Cnsrtium 4

5 Key Research Prblems Prvisin f legal guidance fr the use f technical infrmatin in matters f evidence and data prtectin as well as fr SLA Management Nvel Risk Management Appraches and Risk Metrics (inc. Catalgues) fr CI in Clud Envirnments Understanding Clud Behaviur (mnitring, frensic analysis, anmaly detectin, rt cause analysis, resilience analysis in varius layers) Best practise fr secure clud service implementatin in (e.g evaluating methds like cmmn criteria fr cludifying CI sftware) SECCRIT Cnsrtium 5

6 The SECCRIT Prject Why SECCRIT & why CI Cmmercial fcus mre n elasticity & scalability CI has higher interest in security aspects and redundancy Cmmercial user requirements cnverge with CI regulatry requirements Our utput benefits the user and can be applied t cmmercial cluds as well Highly user driven prject including user and advisry bard and real wrld dems What is SECCRIT 10 Partners frm Austria, Finland, Germany, Greece, Spain and the UK. Prject budget 4.8 Mi, partly funded by EC FP7 prgramme Prject duratin SECCRIT Cnsrtium 6

7 SEcure Clud cmputing fr CRitical Infrastructure IT Cntact Dr. Markus Tauber M +43 (0) [email protected] Austrian Institute f Technlgy (AIT) AIT Austrian Institute f Technlgy ETRA Investigación y Desarrll Fraunhfer Institute fr Experimental Sftware Engineering IESE Karlsruhe Institute f Technlgy NEC Eurpe Lancaster University Mirasys Hellenic Telecmmunicatins Organizatin OTE Ayuntamient de Valencia Amaris