How can security requirements of critical Infrastructure IT shape Cloud Computing research?

Transcription:

SEcure Cloud computing for CRitical Infrastructure IT
How can security requirements of critical Infrastructure IT shape Cloud Computing research?
Dr. Markus Tauber, markus.tauber@ait.ac.at, Austrian Institute of Technology (AIT), 25/04/2013
AIT Austrian Institute of Technology, ETRA Investigación y Desarrollo, Fraunhofer Institute for Experimental Software Engineering IESE, Karlsruhe Institute of Technology, NEC Europe, Lancaster University, Mirasys, Hellenic Telecommunications Organization OTE, Ayuntamiento de Valencia, Amaris

What do we mean when we say: Cloud, Private, Public, Elasticity, Scalability, Critical Infrastructure, Legal Requirements, EU data protection, SLA, Cloud Behaviour, Resilience, Anomaly Detection, Security and Safety, Cloudification
22.04.2013 SECCRIT Consortium 2

Problem Definition
Everything goes cloud
- Consumer data like our emails or photos (Google Mail and other Google services)
- Database applications, especially when exposed to unpredictable load peaks
- Governmental Data Centres peer with each other and create private clouds
- Soon all kinds of applications (inc. CI) without us noticing it.
Requirements for cloud applications vary
- Commercial ones mainly to deal with load peaks and to get on-demand hardware resources (scalability & elasticity)
- Requirements in CI regarding overall redundancy, data availability, authenticity, secure access are typically higher than in commercial applications.
What is the problem?
- Cloud services are by definition opaque and make it hard to determine reasons for failure and hence make the development of countermeasures hard
- This also implies that it is hard to determine whose fault it is

CI in the Cloud
- Regulatory Issues
- Safety Issues (unlike other cloud services, CI failure results in catastrophe, cascading effects)
- Security Issues
- Resilience Issues
- Legal Issues
- EU Data Protection
- Stringent Regulatory Requirements
- Which data needs what level of protection
- Increased Awareness and visibility
- 7/24 availability
- Convergence of user concerns and CI priorities

Key Research Problems
- Provision of legal guidance for the use of technical information in matters of evidence and data protection as well as for SLA Management
- Novel Risk Management Approaches and Risk Metrics (inc. Catalogues) for CI in Cloud Environments
- Understanding Cloud Behaviour (monitoring, forensic analysis, anomaly detection, root cause analysis, resilience analysis in various layers)
- Best practice for secure cloud service implementation in (e.g. evaluating methods like Common Criteria for cloudifying CI software)

The SECCRIT Project
Why SECCRIT & why CI
- Commercial focus more on elasticity & scalability
- CI has higher interest in security aspects and redundancy
- Commercial user requirements converge with CI regulatory requirements
- Our output benefits the user and can be applied to commercial clouds as well
- Highly user driven project including user and advisory board and real world demos
What is SECCRIT
- 10 Partners from Austria, Finland, Germany, Greece, Spain and the UK.
- Project budget 4.8 Mio, partly funded by EC FP7 programme
- Project duration 1.1.2013 - 31.12.2015

SEcure Cloud computing for CRitical Infrastructure IT
Contact
Dr. Markus Tauber
M +43 (0) 664 8251011
markus.tauber@ait.ac.at
Austrian Institute of Technology (AIT)
www.ait.ac.at/ict-security
www.seccrit.eu