https://cybercamp.es

TREDISEC: hacia unas

infraestructuras Cloud más seguras y

confiablesBeatriz Gallego-Nicasio Crespo

Research & Innovation

Atos

2

Índice de Contenidos

1. Situación actual

a. Adopción de infraestructuras Cloud

b. Amenazas y barreras

2. El proyecto TREDISEC

a. Visión: requisitos funcionales vs. no-funcionales

(seguridad)

b. Soluciones propuestas

c. Evaluación

d. Investigación e innovación

Tendencias de adopción del Cloud

3

4 million jobs by 2020 in Europe

1 trillion € in GDP

Growth cloud economy

The aim of EU is to promote free movement of data in the European

Union and tackle restrictions to data location and access to encourage

innovation.

The expected cumulative economic effects of cloud computing

between 2010 and 2015 in the five largest European economies alone is

around € 763 Billion.

The economy and society of Europe need to make the

most of digital. 47% of EU population is not properly

digitally skilled, yet in the near future, 90% of jobs will

require some level of digital skills.

Due to its exponential growth in recent years, cloud computing is no

longer considered as an emerging technology. However, it cannot yet

be considered a mature and stable technology either.

Principales amenazas

Information Leakage

Code Injection

Identity Theft

Data Breaches

Worms/Trojans

Phishing

Denial of Service

Exploit Kits

Physical Damage/Loss/Theft

Botnets

Malicious Hacktivists

Organized Crime &

Terrorists

Internal Actors & Industrial Espionage

Accidental Data Loss

4

Source: CAPITAL project

Principales barreras: falta de confianza

5

Privacidad y cumplimiento regulatorio

6

+ =

Estado del arte:

Mapear nuevos escenarios y casos

de uso a una selección de controles

de seguridad (basados en standards

como CSA CCM o ISO 27017)

CSA data governance framework

Seguridad en Cloud: fragmentación

tecnológica y falta de estandarización ISO

ISO / EIC 27018 Code of practice for data protection controls for

public cloud computing services

NIST NIST 800-53 Rev.4 Security Controls

NIST Security Reference Architecture

CSA Cloud Controls Matrix (CCM)

Open Certification Framework (OCF)

Cloud Trust Protocol (CTP)

CloudAudit

Privacy Level Agreement

EuroCloud EuroCloud Star Audit (ESCA)

Open Data Center Alliance Data Security Framework

7

El proyecto

8

TREDISEC: Trust-aware, REliable and Distributed

Information SEcurity in the Cloud

9

H2020-ICT-2014-1, ICT-32-2014 Cybersecurity, Trustworthy ICT

Research and Innovation action, G.A. no. 644412

Duración: 36 meses (abril 2015 – marzo 2018)

Follow us! www.tredisec.eu

https://www.linkedin.com/grp/home?gid=8291972

@TREDISECproject

Visión: requisitos funcionales vs. no-

funcionales (seguridad)

10

Soluciones propuestas: TREDISEC

primitives

11

Mecanismos de Seguridad para

crear/mejorar entornos Cloud seguros,

incluyendo:

Deduplication on encrypted and multi-

tenant data

Integrity and availability checks of multi-

tenant data in presence of storage

efficiency

Secure deletion of multi-tenant data in

presence of deduplication

Storage efficiency in presence of securely

outsourced database management

systems

Secure outsourced analytics/processing in

a multi-tenant environment

Trustworthy, consistent and conflict-free

access control for multi-tenancy settings

Distributed enforcement of control policies

Soluciones propuestas: TREDISEC

framework

12

Framework para la configuración y el despliegue semi-automático de

mecanismos de seguridad en infraestructuras Cloud existentes

Evaluación: escenarios y casos de uso

13

Investigación e Innovación

TREDISEC Key Innovation

Points

14

Framework for continuous

innovation assessment

https://cybercamp.es @CyberCampEs#CyberCamp15

Contacto:

Beatriz Gallego-Nicasio Crespobeatriz.gallego-nicasio@atos.net

Cybersecurity Lab, Research & Innovation, Atos