TREDISEC: hacia unas infraestructuras Cloud más seguras y … · 2016. 5. 3. · between 2010 and...
Transcript of TREDISEC: hacia unas infraestructuras Cloud más seguras y … · 2016. 5. 3. · between 2010 and...
https://cybercamp.es
TREDISEC: hacia unas
infraestructuras Cloud más seguras y
confiablesBeatriz Gallego-Nicasio Crespo
Research & Innovation
Atos
2
Índice de Contenidos
1. Situación actual
a. Adopción de infraestructuras Cloud
b. Amenazas y barreras
2. El proyecto TREDISEC
a. Visión: requisitos funcionales vs. no-funcionales
(seguridad)
b. Soluciones propuestas
c. Evaluación
d. Investigación e innovación
Tendencias de adopción del Cloud
3
4 million jobs by 2020 in Europe
1 trillion € in GDP
Growth cloud economy
The aim of EU is to promote free movement of data in the European
Union and tackle restrictions to data location and access to encourage
innovation.
The expected cumulative economic effects of cloud computing
between 2010 and 2015 in the five largest European economies alone is
around € 763 Billion.
The economy and society of Europe need to make the
most of digital. 47% of EU population is not properly
digitally skilled, yet in the near future, 90% of jobs will
require some level of digital skills.
Due to its exponential growth in recent years, cloud computing is no
longer considered as an emerging technology. However, it cannot yet
be considered a mature and stable technology either.
Principales amenazas
Information Leakage
Code Injection
Identity Theft
Data Breaches
Worms/Trojans
Phishing
Denial of Service
Exploit Kits
Physical Damage/Loss/Theft
Botnets
Malicious Hacktivists
Organized Crime &
Terrorists
Internal Actors & Industrial Espionage
Accidental Data Loss
4
Source: CAPITAL project
Principales barreras: falta de confianza
5
Privacidad y cumplimiento regulatorio
6
+ =
Estado del arte:
Mapear nuevos escenarios y casos
de uso a una selección de controles
de seguridad (basados en standards
como CSA CCM o ISO 27017)
CSA data governance framework
Seguridad en Cloud: fragmentación
tecnológica y falta de estandarización ISO
ISO / EIC 27018 Code of practice for data protection controls for
public cloud computing services
NIST NIST 800-53 Rev.4 Security Controls
NIST Security Reference Architecture
CSA Cloud Controls Matrix (CCM)
Open Certification Framework (OCF)
Cloud Trust Protocol (CTP)
CloudAudit
Privacy Level Agreement
EuroCloud EuroCloud Star Audit (ESCA)
Open Data Center Alliance Data Security Framework
7
El proyecto
8
TREDISEC: Trust-aware, REliable and Distributed
Information SEcurity in the Cloud
9
H2020-ICT-2014-1, ICT-32-2014 Cybersecurity, Trustworthy ICT
Research and Innovation action, G.A. no. 644412
Duración: 36 meses (abril 2015 – marzo 2018)
Follow us! www.tredisec.eu
https://www.linkedin.com/grp/home?gid=8291972
@TREDISECproject
Visión: requisitos funcionales vs. no-
funcionales (seguridad)
10
Soluciones propuestas: TREDISEC
primitives
11
Mecanismos de Seguridad para
crear/mejorar entornos Cloud seguros,
incluyendo:
Deduplication on encrypted and multi-
tenant data
Integrity and availability checks of multi-
tenant data in presence of storage
efficiency
Secure deletion of multi-tenant data in
presence of deduplication
Storage efficiency in presence of securely
outsourced database management
systems
Secure outsourced analytics/processing in
a multi-tenant environment
Trustworthy, consistent and conflict-free
access control for multi-tenancy settings
Distributed enforcement of control policies
Soluciones propuestas: TREDISEC
framework
12
Framework para la configuración y el despliegue semi-automático de
mecanismos de seguridad en infraestructuras Cloud existentes
Evaluación: escenarios y casos de uso
13
Investigación e Innovación
TREDISEC Key Innovation
Points
14
Framework for continuous
innovation assessment
https://cybercamp.es @CyberCampEs#CyberCamp15
Contacto:
Beatriz Gallego-Nicasio [email protected]
Cybersecurity Lab, Research & Innovation, Atos