A. Grusho, N. Grusho, E. Timonina, V. Piskovski
The Institute of Informatics Problems of the Russian Academy of Sciences; Non-profit Partnership «Applied Research Center for Computer Networks», Moscow, Russia

Traditionally, IT infrastructure can be represented as a connected graph $G_t = (V_t, E_t)$, where $V_t$ are the IT components and $E_t$ their interactions. We can also introduce two kinds of topology by assigning to every host: a risk, $L_1$, a measure (a kind of norm) reflecting the probability of unauthorized access; and a value of the data the host processes, denoted similarly as $L_2$, a measure of data category.
[Figure: example IT infrastructure diagram. Labels: Internet, DMZ, Back office, Sharepoint, SCCM, Mail Server, RDBMS, Data Center, DW, Operational segment, SCADA, HMI, MES, PLM, DSC, PLC, controllers, sensors, actuators, equipment.]
The norm $L_1$ represents a scalar risk. A given threshold defines a subset $V_1$ of components, which we assume carry a heightened risk of unsafe impact. A threshold applied to $V$ and $L_2$ defines a subset $V_2$ of hosts or components containing valuable information that needs to be protected.
We call the system architecture secure when there are no direct interactions between elements of $V_1$ and $V_2$. If such interactions are needed, they have to go through an interface called SecS (Security Server). The Security Server serves both to lower the risk of hazardous effects on valuable hosts and to prevent the value level of risky hosts from rising. SDN allows the norms mentioned above to be recalculated and configurations to be customized in order to keep the architecture secure.
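The check described above can be written down directly. The following is an added example, not code from the presentation: it derives $V_1$ and $V_2$ from thresholds, lists direct $V_1$ to $V_2$ interactions, routes them through SecS, and re-audits after a norm is recalculated. The scores, thresholds, edges, the `>=` comparison and the function names are all assumptions.

```python
# Added example: host names are labels from the slide's diagram; every score,
# threshold and edge below is constructed for illustration.

def subset_above(norm, threshold):
    """Hosts whose norm reaches the threshold (using >= is an assumption)."""
    return {host for host, value in norm.items() if value >= threshold}

def direct_violations(edges, v1, v2):
    """Undirected edges joining a host in V1 directly to a host in V2."""
    return {(a, b) for a, b in edges
            if (a in v1 and b in v2) or (a in v2 and b in v1)}

def mediate(edges, bad, secs="SecS"):
    """Replace each violating edge a-b with the pair a-SecS, SecS-b."""
    fixed = set(edges) - set(bad)
    for a, b in bad:
        fixed.update({(a, secs), (secs, b)})
    return fixed

def audit(edges, l1, l2, t1, t2):
    """Recompute V1 and V2 from the current norms and list violations."""
    return direct_violations(edges, subset_above(l1, t1), subset_above(l2, t2))

# Constructed norms on a 0-10 scale; SecS is assumed to stay below both thresholds.
L1 = {"Mail Server": 8, "Sharepoint": 6, "RDBMS": 2, "SCADA": 3,
      "HMI": 4, "PLC": 1, "SecS": 2}   # risk
L2 = {"Mail Server": 3, "Sharepoint": 4, "RDBMS": 9, "SCADA": 8,
      "HMI": 5, "PLC": 7, "SecS": 2}   # data value
T1, T2 = 5, 7
EDGES = {("Mail Server", "Sharepoint"), ("Sharepoint", "RDBMS"),
         ("Sharepoint", "SCADA"), ("Mail Server", "HMI"),
         ("HMI", "SCADA"), ("SCADA", "PLC")}

BAD = audit(EDGES, L1, L2, T1, T2)     # direct V1-V2 interactions
FIXED = mediate(EDGES, BAD)            # the same interactions via SecS
# Norms recalculated, as the SDN controller would do: HMI's risk rises to 6.
L1_NEW = dict(L1, HMI=6)

if __name__ == "__main__":
    print("violations:", sorted(BAD))
    print("after SecS:", sorted(audit(FIXED, L1, L2, T1, T2)))
    print("after recalculation:", sorted(audit(FIXED, L1_NEW, L2, T1, T2)))
```

The last audit shows why the norms have to be recalculated continuously: an edge that was acceptable (HMI to SCADA) becomes a direct $V_1$ to $V_2$ interaction once a host's risk crosses the threshold.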
It is really hard and expensive to build an absolutely or assuredly secure architecture. As an example of a system with different levels of security, consider a PC. Assume the PC runs under a hypervisor with its manager and two virtual machines. Virtual machine VM1 is connected to the Internet, and the other, VM2, is not allowed to connect to the Internet. A user can work with confidential data on VM2 and has to switch to VM1 in order to send these packages. We can therefore state that this architecture is more secure than one in which both virtual machines have access to the Internet.
[Figure: VM1, VM2 and Admin.OS running on a Hypervisor.]
Data (OLAP facts) are accompanied by markers used to estimate a value, i.e. the data category. BI (OLAP) procedures recalculate aggregated value markers in compliance with predefined rules. Control Plane applications administer access to aggregated values on-line according to the user's credentials and current activity profile. These applications can use AI technology to realize such a flexible security policy to guard sensitive data.
SDN controller applications solve the following problems: getting access to the object of analysis, i.e. the data flow from a web service to a client, e.g. by man-in-the-middle; and applying AI tools to analyze the data flow and make a decision on its content within the period defined by technological and business requirements.
To protect data when using insecure platforms in the control and data planes:
1. Split data (e.g. a text) into fragments
2. Furnish every fragment with two cryptographically protected marks
3. Store crypto keys for these marks in the control plane
4. Place fragments into randomly chosen memory slices
5. Controller swiftly restores a full text as a linked list according to requested fragment
[Figure: distributed data storage. Labels: Access Control, Controller, Meta data, Service of distributed data storage, Request to get data, Processing data, Data, Fragment 1 ... Fragment N, Data storage systems, Private cloud, DropBox, SkyDrive.]
Secure use of cryptography depends on the quality of isolation of the domain in which the cryptographic functions run. Specialized high-performance technical means are applied in the control plane to use dissimilar crypto keys in different data flows and to carry out the bulk computations needed to instantiate high-quality cryptographic protection.