Secure Data Sharing and Processing in Heterogeneous Clouds. Bojan Suzic, Graz University of Technology



Similar documents
Cloud for Europe lessons learned

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

The problem of cloud data governance

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services

M-CLOUD INITIATIVE: PROVIDING IT SERVICES FOR SOCIETY Iurie Țurcanu e-government Center

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

The PerspecSys PRS Solution and Cloud Computing

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

Cloud for Europe trusted Cloud Services for the European market for public administrations

Cloud and surveillance

Data Privacy in the Cloud E-Government Perspective

Chapter 1: Introduction

Cloud Security Introduction and Overview

Cyber Security and Privacy

Sofware Engineering, Services and Cloud Computing

Privacy by Design. Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of

Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Cisco Intercloud Fabric for Business

Secure Cloud Identity Wallet

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Solution & Design Architecture

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Summary Report Report # 1. Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions

Product Overview. UNIFIED COMPUTING Managed Hosting Compute

Privacy-Preserving Distributed Encrypted Data Storage and Retrieval

CHAPTER 1 INTRODUCTION

Cloud Data Security. Sol Cates

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Forthcoming EU Data Protection Law

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Gaia Reply TM as a Service. Mobile Living Framework

IBM EXAM QUESTIONS & ANSWERS

Cloud Forensics: an Overview. Keyun Ruan Center for Cyber Crime Investigation University College Dublin

Creating a Strong Security Infrastructure for Exposing JBoss Services

Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Cloud Safety and Privacy in Europe

CHAPTER 8 CLOUD COMPUTING

Authentication and Authorization Systems in Cloud Environments

Towards a New Model for the Infrastructure Grid

Cloud for Europe (interim) lessons learned

ABC of Storage Security. M. Granata NetApp System Engineer

Internet Connection Quality Evaluation Tool The NetTest platform

IaaS Federation. Contrail project. IaaS Federation! Objectives and Challenges! & SLA management in Federations 5/23/11

East African Information Conference th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

An introduction to Cryptosoft

Compliance for the Road Ahead

XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

World Summit on Information Society (WSIS) Forum May 2013

HIPAA and HITECH Compliance Simplification. Sol Cates

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

ICT 6: Cloud computing

Enterprise Security Solutions

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

Cloud Computing Security Audit

An open source software tool for creating and managing patient consents electronically in IHE XDS.b environments

Encryption Made Simple

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

Security & Privacy Issues in Mobile Cloud Computing

QoS Resource Management for Cloud Federations

Cloud Computing. P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r

Cloud Computing. by Civic Consulting (research conducted October 2011 January 2012)

Online/Cloud Services Trust challenges & eidentity-aspects

How To Secure Cloud Infrastructure

Protegrity Data Security Platform

White Paper on CLOUD COMPUTING

Privacy & Security of Mobile Cloud Computing (MCC)

Business Values of Network and Security Virtualization

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Energy Efficient Systems

Secured Enterprise eprivacy Suite

Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this.

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma CpE /24/2016

Oracle Database 11g: Security. What you will learn:

Securing the E-Health Cloud

Using AWS in the context of Australian Privacy Considerations October 2015

Secure Enterprise Mobility Management. Cloud-Based Enterprise Mobility Management. White Paper: soti.net

Contents Huntcliff, Suite 1350, Atlanta, Georgia, 30350, USA

ORGANIZATION S DATA INCREASES

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services

Pre-Commercial Procurement (PCP)

Relational Databases in the Cloud

Enterprise Data Protection

Processo civile telematico «on line civil trial»

Building the Business Case for Cloud: Real Ways Private Cloud Can Benefit Your Organization

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security

Best Practices for Creating the Network-Enabled Cloud The Definitive Step-by-Step Guide

Usage Control in Cloud Systems

Digital Agenda for Europe Cartagena de Indias, September 1, 2015

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc.

Risks and Countermeasures in the Public Cloud

Securing Virtual Applications and Servers

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Transcription:

Secure Data Sharing and Processing in Heterogeneous Clouds Bojan Suzic, Graz University of Technology 1

Presentation Outline SUNFISH Project Cloud Service for Public Administration Practical Approach Data Sharing and Processing Enforcement and Monitoring Architectures Summary 2

SUNFISH Project SecUre information SHaring in federated heterogeneous private clouds H2020 Project, ICT: Advanced Cloud Infrastructure and Services Started in January 2015, aimed for three years Budget ~4,5 Mil. Involves eleven partners from diverse environments, including: public bodies, universities, IT developers, R&D institutions Partners from six countries: Italy, UK, Israel, Estonia, Malta, Austria 3

Cloud Services for Public Administration Public Cloud Services? Administrative obstacles (e.g. procurement) Legal issues (e.g. data localization, cross-border transactions) Security and privacy (e.g. confidentiality, integrity, accountability) Federation of private clouds for public administration? Lack of infrastructure and technology Considering public sector needs and requirements Additional dimensions of efficiency, utilization, elasticity Challenges: Heterogeneity and interoperability Data security, process transparency, legal compliance 4

Cloud Services for Public Administration SUNFISH aims to address the lack of infrastructure and technology for federation of private clouds considering the needs of public sector Specific objectives: Integrate different clouds assuring information security Greater infrastructure usage efficiency thanks to a more effective workload management in shared private clouds The development of services for EU citizens which use sensitive data shared securely between different private clouds 5

Practical Approach Use case 1 Data and resource sharing in federated private clouds Collaboration of two organizations Requirements: scalability and security Private, shared and secure zones Data is shared and processed in isolated instances Data transformation: masking sensitive information Monitoring the data flows and enforcement 6

Practical Approach Use case 2 Data and resource sharing in federated private public clouds Secure collaboration of public entity with data providers Sharing the data between entities, traversing from private sector, to public, and back Requirements: scalability, security, interoperability Transforming the data, masking sensitive parts Performing processing in secured environment Monitoring the data flows and activities 7

Practical Approach Use case 3 Data sharing based on fine grained, dynamic policies Private-cloud centered Data shared to external entities, in controlled, transparent and traceable manner Requirements: security, interoperability Fine grained, adaptable, dynamic security policies Monitoring the data flows and enforcement 8

Data Sharing Data sharing Conforms to common and organization-specific security policies Using legislation aware approach Performed using isolated and secure environment Data transformation based on: Format-preserving encryption Masking/tokenization Attribute-based encryption Key and tokenization management using SUNFISH framework services 1) 1) Reimair et al. WebCrySIL - Web Cryptographic Service Interoperability Layer. (2015) 9

Data Processing Data processing Common and organization-specific security policies, considering security-level objectives and legislative requirements Performed in isolated and secure environment Data processing based on: Original data, decrypted or unmasked and processed in a secure environment Using secure multi-party computation 2) 2) Bogdanov et al. A universal toolkit for cryptographically secure privacy-preserving data mining. (2012) 10

Enforcement Architecture Based on enhanced XACML architecture and policy language Policy-enforcement point ensures the conformance to security policies on the level of each zone and instance Policy-decision point is located in SUNFISH common environment, evaluates requests and checks their conformance to security policies and legal requirements 11

Monitoring Architecture Assuring security and accountability Exists independently of the enforcement infrastructure Deployed at various service and infrastructure levels, in cross-cloud setting Intercepts and monitors each action and interaction, on a cloud-wide basis Validates policy enforcement and executes the actions upon its violation Integrated with visual console 12

Summary Establishment of secure system for federated private clouds Conforming to the needs of public administrations Focused on security Neutral in the terms of vendors, platforms, systems Validated using real-world use cases 13

Any questions? Thank you very much 14

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information