Security Assurance IN Service OuTSourcing (SAINTS)

Transcription

1 Security Assurance IN Service OuTSurcing (SAINTS) Mussa OUEDRAOGO, PhD Service Science and Innvatin, CRP Henri Tudr Cnférence EurClud Luxemburg du 26 Fevrier Migrer vers le Clud Cmputing: pprtunités et pièges

2 Data centres and clud services as the new trend fr Businesses Advances have been made in the technlgy, particularly in netwrking and virtualisatin. Outsurcing f cmpetencies nt cre t the business Cnsumers are mre interested in results rather than in the technical details Lesser management and maintenance cst

3 The Security Challenges f Sustaining the Mmentum Threat 3: Malicius insiders Threat 7: Unknwn Security Prfile Threat 6: Accunt r service hijacking Threat 5:Data lss r leakage Threat 4: Shared technlgy issues Amazn EC2 Amazn Zeus btnet Incident (2012) Sny s netwrk hacking (2011) Threat 2: Insecure interfaces and APIs Threat 1: Abuse and nefarius use f clud cmputing

4 Frm Security Cncerns t Slutins Summary f the security challenges in clud cmputing Sensitive infrmatin are stred r prcessed by prviders at gegraphically dispersed areas. Security nw lies in the hand f a third party gracefully lsing cntrl while maintaining accuntability (Mell & Grance, 2009) The perspective slutins Threats affecting the wider adptin f the clud Type f security Cncern Related Security Slutins Threat 2 and 6 VM security Use f Trusted Clud Cmputing Platfrm (TCCP), VM mnitring, encryptin, encapsulatin, abstractin Threat 3-5 Data Security Encryptin, Access Cntrl Threat 7 Unknwn security level Security certificatin, Audits, SLA mnitring blind trust between a prvider and a cnsumer? Security Certificatin driven selectin f the CSP? The missing links: Security transparency and mutual auditability (evidence based)

5 Filling the Gap: The SAINTS Apprach Establishing security transparency and mutual auditability in clud services. Infrmed selectin f a CSP: The C.A.RE apprach Cntinuus prbing f the security Timely reprting f security indicatrs Prir t Service Usage During service usage Enable service prviders (CSPs) t ensure their security is cntinuusly aligned t increasingly strict regulatry requirements and als t cnsumers (CSCs) service security needs.

6 The C.A.RE Apprach fr Assessing and Ranking CSPs. Infrmed selectin f a CSP: The C.A.RE apprach Cntinuus prbing f the security Timely reprting f security indicatrs Initiative culd be integrated t nging Eurclud effrts r tailred fr setting the fundatin f standardisatin in Luxemburg.x

7 During the Usage Clud Service: Cntinuus Prbing f Security. Infrmed selectin f a CSP: The C.A.RE apprach Cntinuus prbing f the security Timely reprting f security indicatrs Develp a framewrk fr enabling the appraisal and mnitring f the security assurance and their apprpriate reprting t the prvider and cnsumer Usage f a netwrk f cllabrative sfware sensrs fr anmalies detectin.

8 During the Usage Service: Timely Reprting f Security Indicatrs. Infrmed selectin f a CSP: The C.A.RE apprach Cntinuus prbing f the security Timely reprting f security indicatrs Reprting f security indicatrs Develp an architecture fr enabling the exchange f security infrmatin Determine relevant type f indicatrs fr a CSC. Priritisatin, crrelatin and aggregatin f alerts. Opinin f SMEs are sught fr further elabrating the set f metrics that culd be made available t the CSC.

9 Cncluding Remarks. Clud services are being perceived as the ultimate slutin fr cmpanies seeking t achieve bth efficiency and cst cutting in the prvisining f services Clud service as an Old wine in new bttle a relatively gd knwledge f the demns that cme with it. Security transparency and mutual auditability as the truly new security challenges, thugh scantly addressed in the literature and in practice. The SAINTS prject purprts t address such an issue thrugh definitin f techniques and a tl fr: Labeling and ranking CSPs based n their security ffering, t enable an infrmed selectin f a CSP by a CSC prir t embarking nt the clud Allwing CSC t cntinuusly keep an eye n a security matter that is nw devlved t the CSP Opinins frm Actrs in clud services (CSCs and CSPs) are highly sught during the lifetime f the prject.

10 Thanking yu fr yur time. Fr further infrmatin, please cntact: Prject Investigatr: Mussa OUEDRAOGO Prject Leader: Severine MIGNON Available fr talk during Cffee Break!!