High Assurance in Multi-Layer Cloud Infrastructures



Similar documents
Secure Cloud Computing for Critical Infrastructures

Cloud Inspector A Cooperative Tool to Increase Trust in Cloud Computing

Techno-Legal Motivation

How To Write A Secure Cloud Computing For Critical Infrastructure

How can security requirements of critical Infrastructure IT shape Cloud Computing research?

SEcure Cloud computing for CRitical infrastructure IT

Cybersecurity Risk Assessment in Smart Grids


Fuld Skolerapport for Søhusskolen, i Odense kommune, for skoleår 2013/2014 for klassetrin(ene) 9. med reference Tilsvarende klassetrin i kommunen

Fuld Skolerapport for Hunderupskolen, i Odense kommune, for skoleår 2013/2014 for klassetrin(ene) 7. med reference Tilsvarende klassetrin i kommunen

Hong Kong Information Security Group TRAINING AGENDA

Service Level AgreementMonitoring for Resilience in Computer Networks

Backshoring of Production Activities in

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE

Preface Introduction

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

Requirements Analysis Concepts & Principles. Instructor: Dr. Jerry Gao

Secure Cloud Identity Wallet

PRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH

Huawei One Net Campus Network Solution

Resilience in Networks: Elements and Approach for a Trustworthy Infrastructure. Andreas Fischer and Hermann de Meer

Outlook. Corporate Research and Technologies, Munich, Germany. 20 th May 2010

ISSN Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

Cloud security architecture

etom- ITIL mapping NORDUnet Nordic Infrastructure for Research & Education 3 rd TF-NOC meeting, June 28 th Zurich Stefan Liström

AVAYA WLAN ACCESS POINT 9123

PERFORMANCE TESTING OF BITUMINOUS MIXES USING FALLING WEIGHT DEFLECTOMETER

Security Techniques for Protecting Data in Cloud Computing one SHOULD know WHAT...

Copyright 2010 NTT DATA AgileNet L.L.C. 12/06/2010 NTT DATA Agilenet L.L.C. Kenji Motohashi

Team A SaaS Strategy

Product Specifications

Making the case for OpenStack in the Enterprise. Francesco Paola, CEO, Solinea Seth Fox, VP Operations, Solinea

Dynamic Monitoring Interval to Economize SLA Evaluation in Cloud Computing Nor Shahida Mohd Jamail, Rodziah Atan, Rusli Abdullah, Mar Yah Said

Solution for Automation of Reinsurance Processes

Digitizing European Industry: Digital Industrial Platform Building

Real-Time Communication in IEEE Wireless Mesh Networks: A Prospective Study

Applied and Integrated Security. C. Eckert

Disclosure of Proprietary Data Notice

Security Issues in Cloud Computing

Cloud Computing Standards: Overview and first achievements in ITU-T SG13.

An Approach Towards Customized Multi- Tenancy

Monitoring sítí pomocí NetFlow dat od paketů ke strategiím

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

Data and Control Plane Interconnect solutions for SDN & NFV Networks Raghu Kondapalli August 2014

The deployment of OHMS TM. in private cloud

MACHINE TO MACHINE COMMUNICATIONS. ETSI TC M2M Overview June 2011

Information Blue Valley Schools FEBRUARY 2015

Impact of Feature Selection on the Performance of Wireless Intrusion Detection Systems

Introduction Chapter 1. Uses of Computer Networks

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

DeuceScan: Deuce-Based Fast Handoff Scheme in IEEE Wireless Networks

Cyber Security in Austria

Corporate Presentation. Intense Technologies Limited

IT Operations Managed Services A Perspective

Smart grid security analysis

Horizontal IoT Application Development using Semantic Web Technologies

Open-Mesh MR Series. Cloud managed networking for less money.

The Open Group Perspective on Public Sector Cloud

CASE STUDY. Unius Reinsurance System. Reinsurance solution in Allianz Țiriac Asigurari S.A., Romania

Software as a Service (SaaS) and Platform as a Service (PaaS) (ENCS 691K Chapter 1)

A Secure System Development Framework for SaaS Applications in Cloud Computing

Comparison of Request Admission Based Performance Isolation Approaches in Multi-tenant SaaS Applications

Fundamental Concepts and Models

NSW Government. Wireless services (WiFi) Standard

Storage Cloud Infrastructures

CURRICULUM VITAE. Li Chen

Big Data Analytics and Decision Analysis for Manufacturing Intelligence to Empower Industry 3.5

Vinay Parisa 1, Biswajit Mohapatra 2 ;

Product Navigator User Guide

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

Horizontal Integration - Unlocking the Cloud Stack. A Technical White Paper by FusionLayer, Inc.

Cloudified IP Multimedia Subsystem (IMS) for Network Function Virtualization (NFV)-based architectures

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Helix Nebula: Secure Brokering of Cloud Resources for escience. Dr. Jesus Luna Garcia

Enabling Data and Analytics. for Enterprise Asset management (EAM) Devang Patel & Arun Narayanan. SEAL Consulting Inc SESSION CODE: EM2098

Transcription:

SEcure Cloud computing for CRitical Infrastructure IT High Assurance in Multi-Layer Cloud Infrastructures PhD Research Agenda[1] Austrian Institute of Technology (AIT) / Technical Univsersity of Vienna Aleksandar Hudic [1] Hudic A., Mauthe A., Caceres S., Hecht T., Tauber M. : "Towards continuous Cloud Service Assurance for Critical Infrastructure IT", IEEE FiCloud-2014 AIT Austrian Institute of Technology ETRA Investigación y Desarrollo Fraunhofer Institute for Experimental Software Engineering IESE Karlsruhe Institute of Technology NEC Europe Lancaster University Mirasys Hellenic Telecommunications Organization OTE Ayuntamiento de Valencia Amaris

Research questions How to assure that security properties are met across distinct cloud layers with different stake holders? Levels of Abstraction (The SECCRIT architecture) How to derive continuous assessment of security properties across the clouds architecture? How can security be assessed, measured or scaled in respect to a certain predefined set of security properties (assurance levels)? How to aggregate/inherit security across different stake holders in Cloud? R. Bless, Flittner, M., Horneber, J., Hutchison, D., Jung, C., Pallas, F., Schöller, M., Shirazi, S. Noor ul Ha, Simpson, S., and Smith, P., Whitepaper "AF 1.0" SECCRIT Architectural Framework. 2014. (and IEEE CloudCom) 10/07/2014 SECCRIT Consortium 2

Research Activities Establish a catalogue of the most relevant security concerns (based on established work) o Classify them per classes o Distinguish their relevance Provide a compact methodology for assessment and aggregation of these security concerns horizontally and vertically Define policy of aggregation for certain set security properties Propose an empirical evaluation of the methodologies proposed 10/07/2014 SECCRIT Consortium 3

Security properties Security-aware SLA specification language and cloud security dependency model Certification models Core Certification mechanisms Methodologies for Risk Assessment and Management The Notorious Nine: Cloud Computing Top Threats in 2013 10/07/2014 SECCRIT Consortium 4

Assurance Assessment Framework ABSTRACTION LEVEL User Level Application Level Critical Infrastructure Target of Evaluation Dependencies CI Service Framework elements: Component of Evaluation (CoE) o Component dependencies (CD) o Association (AS) Group of Evaluation (GoE) Target of Evaluation (ToE) Virtual Infrastructure Level Tenant Physical Infrastructure Level Cloud Infrastructure Assurance Profile: o o o o o GROUP OF EVALUATION GROUP OF EVALUATION Assurance Type (AT) Assurance Properties (AP) Assurance Class (AC) Security Objectives (SO) Assessment Interval (AI) Common Criteria Framework for Information Technology Security Evaluation, CCDB USB Working Group, 2012, part 1-3. Online available: http://www.commoncriteriaportal.org. 10/07/2014 SECCRIT Consortium 5

Aggregation Policies (1) Tree model: CoE A AL=3 CoE B CoE C AL=3 AL=4 Aleksandar Hudic, Thomas Hecht, Markus Tauber, Andreas Mauthe, and Santiago Caceres Elvira, "Towards Continuous Cloud Service Assurance for Critical Infrastructure IT", IEEE International Conference on Future Internet of Things and Cloud (FiCloud 2014) 10/07/2014 SECCRIT Consortium 6

Aggregation Policies (2) Policy Elements: Dependency Assurance Class (DAC) - defines the requirement for the underplaying objects in terms of security properties Dependency Security Properties (DSP) - defined set of properties for the underplaying objects Dependency Assurance Class (DBM) bitmask which defines minimum requirements per Security Property for underplaying objects 10/07/2014 SECCRIT Consortium 7

Aggregation Policies (3) Tree model: CoE A AL=2 CoE B CoE C Features: Recursive assurance aggregation Overall assurance Dynamic infrastructure assessment Flexible object assessment AC 1 =100 AC 2 =110 AC 3 =101 AC 1 =111 AC 2 =110 AC 3 =101 CoE B SP 1 SP 2 SP 3 AC 1 1 0 0 AC 2 1 1 0 AC 3 1 0 1 CoE C SP 1 SP 2 SP 3 AC 1 1 1 1 AC 2 1 1 0 AC 3 1 0 1 10/07/2014 SECCRIT Consortium 8

Assurance levels Tree model: CoE A AL=2 CoE B SP 1 SP 2 SP 3 AC 1 1 0 0 AC 2 1 1 0 AC 3 1 0 1 CoE B AC 1 =100 AC 2 =110 AC 3 =101 CoE C AC 1 =111 AC 2 =110 AC 3 =101 CoE C SP 1 SP 2 SP 3 AC 1 1 1 1 AC 2 1 1 0 AC 3 1 0 1 SP 1 SP 2 SP 3 CoE B {AC 1 } 1 1 1 CoE C {AC 1 } 1 1 0 CoE B {AC 1 } CoE B {AC 1 } 1 1 0 10/07/2014 SECCRIT Consortium 9

Conclusion Strong security assessment framework for Cloud infrastructures is required Flexible Technology independent Both User and Provider centric Non invasive on the Cloud infrastructure 10/07/2014 SECCRIT Consortium 10

SEcure Cloud computing for CRitical Infrastructure IT Thank you for your attention! Contact Aleksandar Hudic AIT 0043 664 88390 711 aleksandar.hudic@ait.ac.at AIT Austrian Institute of Technology ETRA Investigación y Desarrollo Fraunhofer Institute for Experimental Software Engineering IESE Karlsruhe Institute of Technology NEC Europe Lancaster University Mirasys Hellenic Telecommunications Organization OTE Ayuntamiento de Valencia Amaris

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information