seguridad: sembrando confianza en el cloud

Sembrando confianza en el CLOUD

Oscar LópezÁrea I+D+i

XV Jornadas de Seguridad NEXTEL S.A.

27/06/2013

SEED4C. Sembrando confianza en el CLOUD

Servicios en CLOUD

IaaS PaaS SaaS

Cloud provider

Cloud customer

¿Seguridad TI y ahorro de costes es posible?


• Coordinación del proyecto: Alcatel-Lucent Bell Labs• Inicio: Abril 2012• Cierre: Septiembre 2014• Duración: 30 meses• 4 países: Finlandia, Francia, Corea y España


• How to increase the Trust in Cloud Services ?

Up to

80% of problems may be

solved with a protected execution & a proper policy enforcement.


• Can we “plant” SEEDs in the Cloud to increase trust ?

Building a

Trusted Cloud Computing Base

TCCB

Based on

A Cloud of minimal Trusted Computing Bases:

the SEEDs managed by the NoSE


• Security Embedded Element and Data Privacy for Cloud infraestructures

Introduction of NoSE. Network of Secure elements


• SEED4C. Concept


• Deliver Trusted Services in a multi-nodes Trusted Cloud Execution Enviroment

10

PolicyExecution

Trust &Assurance

• Network• Servers• more…

TrustedExecution

Trust &Assurance


SECURITY PLANE / NoSEUSER’SDEVICE

END to END TRUSTED SERVICESEND to END TRUSTED SERVICES

User’s SEED enrolled in NoSETrust &Assurance

• And deliver End to End security to users


InfraProvider

SaaSProvider

User / Tenant

PaaSProvider

DeviceProvider

• In a multi-party policy driven architecture


• And provide compliance and evidence

• Logs and audit features enforced by the NoSE

• Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management

• Change workflow may be enforced too by trusted actors


• Cómo distribuir los elementos seguros dentro de una infraestructura para que proporcionen valor añadido a la plataforma y los servicios.

• Cómo conseguir un balance de carga y comunicación seguros entre y desde los elementos seguros (SE) a las máquinas integradas.

• Cómo abordar la ejecución de políticas (centradas en la Identidad y Privacidad), trazabilidad y garantía de los servicios finales.

• Retos de investigación


• Retos de investigación


• SEEDs planting: Granularity– Network, hypervisors, servers, storage, devices– Strategic places IaaS, PaaS, SaaS

• Multiple form factors required to match physical constraints– Secure Embedded Elements, TPM, Software in a TEE,

Dedicated VM, OS Component

• Network of Secure Elements (NoSE) – Communication protocols across SEEDs

• Scalability of the architecture

• Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE– Enroll equipment, attach them to SEEDs

• Credential management

• Valor añadido


• Mapeo de los casos de uso

NetaaS

PaaS

IaaS

SaaS

NoSE

ClientAccessDevice

1: BYOD / protection

of corp data

2: Airport equipment Mgt.

3: HSM+Key Ceremony

4: Enterprise Collaboration

5: ePayment,

PCI/DSS

6: IAM Auth +

Auditing

7: Security at IaaS Level

8: Monitoring Security at PaaS Layer

9: Admin Access & Audit management/logs

10: Telco Services in the cloud, multi

tenancy protection

11: eGov. Services,

Data protection

12: SVPDC, Virtual Data Center

management


• eGoverment services data protection


Before SEED4C After SEED4C•Security solutions based on independent, proprietary and independent elements to secure data in the cloud

•Enhanced security related functionality to control, access and store protected data in the cloud

•Adopt the seeds developed for the e-Government service to manage and store this protected data in their own infrastructure

•Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability.

• eGoverment services data protection


• Centralized cloud services for airport management


Before SEED4C After SEED4C

•Security solutions based on independent, proprietary and independent elements to secure data in the cloud

•Enhanced security related functionalities

•Add more layers of security using a network of secure elements

•Provide a NoSE interconnected generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability.

• Centralized cloud services for airport management


• Propiedades de seguridad

¡Muchas Gracias!

XV Jornadas de Seguridad NEXTEL S.A.

27/06/2013

Oscar LópezArea I+D+i

¡Síguenos en Redes Sociales!

seguridad: sembrando confianza en el cloud

Documents