Descargar la presentación
La descarga está en progreso. Por favor, espere
1
Sembrando confianza en el CLOUD Oscar López Área I+D+i XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013
2
SEED4C. Sembrando confianza en el CLOUD Servicios en CLOUD UserApplicationMiddlewareOSHardwareNetworkFacility IaaSPaaSSaaS Cloud provider Cloud customer ¿Seguridad TI y ahorro de costes es posible?
3
SEED4C. Sembrando confianza en el CLOUD Coordinación del proyecto: Alcatel-Lucent Bell Labs Inicio: Abril 2012 Cierre: Septiembre 2014 Duración: 30 meses 4 países: Finlandia, Francia, Corea y España
4
SEED4C. Sembrando confianza en el CLOUD How to increase the Trust in Cloud Services ? Up to 80% of problems may be solved with a protected execution & a proper policy enforcement.
5
SEED4C. Sembrando confianza en el CLOUD Can we “plant” SEEDs in the Cloud to increase trust ? Building a Trusted Cloud Computing Base TCCB Based on A Cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE
6
SEED4C. Sembrando confianza en el CLOUD Security Embedded Element and Data Privacy for Cloud infraestructures Introduction of NoSE. Network of Secure elements
7
SEED4C. Sembrando confianza en el CLOUD SEED4C. Concept
8
SEED4C. Sembrando confianza en el CLOUD SEED4C. Concept
9
SEED4C. Sembrando confianza en el CLOUD SEED4C. Concept
10
SEED4C. Sembrando confianza en el CLOUD Deliver Trusted Services in a multi-nodes Trusted Cloud Execution Enviroment 10 Policy Execution Trust & Assurance Network Servers more… Trusted Execution Trust & Assurance
11
SEED4C. Sembrando confianza en el CLOUD SECURITY PLANE / NoSE USER’S DEVICE END to END TRUSTED SERVICES User’s SEED enrolled in NoSE Trust & Assurance And deliver End to End security to users
12
SEED4C. Sembrando confianza en el CLOUD Infra Provider Infra Provider SaaS Provider SaaS Provider User / Tenant PaaS Provider PaaS Provider Device Provider Device Provider In a multi-party policy driven architecture
13
SEED4C. Sembrando confianza en el CLOUD And provide compliance and evidence Logs and audit features enforced by the NoSE Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management Change workflow may be enforced too by trusted actors
14
SEED4C. Sembrando confianza en el CLOUD Cómo distribuir los elementos seguros dentro de una infraestructura para que proporcionen valor añadido a la plataforma y los servicios. Cómo conseguir un balance de carga y comunicación seguros entre y desde los elementos seguros (SE) a las máquinas integradas. Cómo abordar la ejecución de políticas (centradas en la Identidad y Privacidad), trazabilidad y garantía de los servicios finales. Retos de investigación
15
SEED4C. Sembrando confianza en el CLOUD Retos de investigación
16
SEED4C. Sembrando confianza en el CLOUD SEEDs planting: Granularity – Network, hypervisors, servers, storage, devices – Strategic places IaaS, PaaS, SaaS Multiple form factors required to match physical constraints – Secure Embedded Elements, TPM, Software in a TEE, Dedicated VM, OS Component Network of Secure Elements (NoSE) – Communication protocols across SEEDs Scalability of the architecture Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE – Enroll equipment, attach them to SEEDs Credential management Valor añadido
17
SEED4C. Sembrando confianza en el CLOUD Mapeo de los casos de uso Net aaS PaaS IaaS SaaS NoSE Client Access Device 1: BYOD / protection of corp data 2: Airport equipment Mgt. 3: HSM+Key Ceremony 4: Enterprise Collaboration 5: ePayment, PCI/DSS 6: IAM Auth + Auditing 7: Security at IaaS Level 8: Monitoring Security at PaaS Layer 9: Admin Access & Audit management/logs 10: Telco Services in the cloud, multi tenancy protection 11: eGov. Services, Data protection 12: SVPDC, Virtual Data Center management
18
SEED4C. Sembrando confianza en el CLOUD eGoverment services data protection
19
SEED4C. Sembrando confianza en el CLOUD eGoverment services data protection
20
SEED4C. Sembrando confianza en el CLOUD Before SEED4CAfter SEED4C Security solutions based on independent, proprietary and independent elements to secure data in the cloud Enhanced security related functionality to control, access and store protected data in the cloud Adopt the seeds developed for the e- Government service to manage and store this protected data in their own infrastructure Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability. eGoverment services data protection
21
SEED4C. Sembrando confianza en el CLOUD Centralized cloud services for airport management
22
SEED4C. Sembrando confianza en el CLOUD Before SEED4CAfter SEED4C Security solutions based on independent, proprietary and independent elements to secure data in the cloud Enhanced security related functionalities Add more layers of security using a network of secure elements Provide a NoSE interconnected generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability. Centralized cloud services for airport management
23
SEED4C. Sembrando confianza en el CLOUD Propiedades de seguridad
24
SEED4C. Sembrando confianza en el CLOUD
25
¡Muchas Gracias! XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013 Oscar López Area I+D+i ¡Síguenos en Redes Sociales!
Presentaciones similares
