Your SlideShare is downloading. ×
Aniketos  2nd cluster meeting
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Aniketos 2nd cluster meeting

396
views

Published on

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
396
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Aniketos: Supporting Trustworthy and Secure Composition inService and Cloud Environments Per Håkon Meland Erkuden Rios Velasco David Llewellyn-Jones http://aniketos.eu 4th of July 2011 Effectsplus Clustering Event, Amsterdam
  • 2. Contents Background Project overview Objective, facts, partners Challenges we are facing and what we can do about them…Box image by ba1969: http://www.sxc.hu/photo/1301543 Effectsplus July 2011 2
  • 3. Future Internet Networked services From monolithic full-service stack suppliers To dynamic services built using multiple services from multiple providers Autonomic computing paradigm Self-management Self-healing Self-configuration Self-protection Dynamic mix of Cloud/non-cloud services depending on Service availability Functionality Price Performance Trustworthiness Security features Effectsplus July 2011 3
  • 4. Aniketos Project The main objective of Aniketos is to help establish and maintain trustworthiness and secure behaviour in a dynamically changing environment of composite services. Methods, tool support and security services to support design-time creation and run-time (re-)composition of dynamic services Notifications about threats and changes Socio-technical evaluations for acceptance and effective security ICT FP7 Objective 1.4: Secure, dependable and trusted infrastructures Started August 2010 running until February 2014 See http://aniketos.eu Effectsplus July 2011 4
  • 5. Compose Service Case Studies Air traffic service pool SESARFuture telecom services Photo by Joe Lipson, CC license eGovernance: Land buying Effectsplus July 2011 5
  • 6. Aniketos Consortium Athens Technology Center SA Atos Origin DAEM S.A. DeepBlue SELEX ELSAG (ex Elsag Datamat) Italtel Liverpool John Moores University National Research Council of Italy SAP SEARCH Lab Ltd Stiftelsen SINTEF Tecnalia Research & Innovation Thales University of Salzburg University of Trento Waterford Institute of Technology Wind Telecomunicazioni S.p.A. Effectsplus July 2011 6
  • 7. Composite Security Not just enforcing single security property on all services Distributed services from multiple providers Difficulty knowing if a policy is violated or not Service providers agree to fulfil a customer’s policy Need to know whether their service can fulfil it Need to decide whether this is the case Need tools to determine security properties based on composition Effectsplus July 2011 7
  • 8. Example A ‘recursive services’ scenario Using a service, don’t need to know (or care) whether it’s a single service or composite service When determining the trustworthiness or security of a service, these issues may be critical! Data flow: Where is my data stored? Who has access to these data? How are they stored? How are they deleted? Which laws and policies apply? Effectsplus July 2011 8
  • 9. Source: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225 Effectsplus July 2011 9
  • 10. Composite Trust Services require not just security, but also trust Service provider claims to fulfil a security policy How can a service consumer trust this? Need tools for quantification of trustworthiness and verification Composite services introduce Composite trust Chains of trust Requirements on careful attribution Who’s trustworthiness rating should be affected if something goes wrong? Effectsplus July 2011 10
  • 11. Aniketos Remedies for Composite Security and TrustExpress security and trustworthiness requirementsthrough graphical modellingGeneration of security SLA templatesDiscovery, matching and planningProvide design-time and runtime modules for evaluatingand monitoring security and trustworthiness betweenservice stakeholdersSubscription-based notifications and alerts (“early-warning”) Effectsplus July 2011 11
  • 12. Societal Acceptance and Effective SecurityTrust and security are not only technical matters Depend heavily on the human factors to be effectiveComposite services are often complex Service end user should have an easy and understandable way of relying on its trustworthinessAniketos contribution Define a user-centred view on service trust and security Investigate user acceptance and practical usability Use case studies for future European services Effectsplus July 2011 12
  • 13. Summary of Security and Trust Challenges for the Future Internet Services made up of other services Service composition may not be obvious externally Services provided by multiple providers Service components change; trust information may not be available Widespread adoption means security must be clear for non-technical usersPadlock image from arinas74: http://www.sxc.hu/photo/1056349 Effectsplus July 2011 13
  • 14. Aniketos Approach Make composite services able to establish and maintain security and trustworthiness Effectsplus July 2011 14 / 27
  • 15. Aniketos Approach Make composite services able to establish and maintain security and trustworthiness Effectsplus July 2011 15 / 27
  • 16. Aniketos Approach – Objectives Ensure and manage trustworthiness of interoperable and dynamically evolving services (through trust models and metrics) Develop integral framework providing methods and tool support for secure interoperable service development, composition, adaptation and management through concept of Security Engineering Define how to efficiently analyse, solve and share information on how new threats and vulnerabilities can be mitigated or how services can adapt to them Promote and contribute to best practices, standards and own certification work related to security and trust Demonstrate and evaluate practical use of security techniques, frameworks, patterns and tools in ordinary development of software and service with end-user trials Effectsplus July 2011 16 / 27
  • 17. Aniketos Approach Effectsplus July 2011 17 / 27
  • 18. Platform Overview This approach is reflected in the platform design Incorporates The Aniketos platform The Aniketos platform Design-time support Design-time support Runtime support Design-time support Runtime support Run-time support Trustworthiness definition Trustworthiness monitoring and evaluation Trustworthiness definition and evaluation Trustworthiness monitoring Community support and evaluation and evaluation Security property definition Runtime validation of secure Security properties are defined and evaluated Securityevaluation and property definition and evaluation service behaviour Runtime validation of secure service behaviour Trustworthiness underpins security claims Composite service analysis and preparation Composite service analysis Composite service adaptation and recomposition Composite service adaptation and preparation and recomposition Threat context included in analysis Community support Composite analysis allows trust and security Community support properties to be understood in the context of Reference architecture and patterns Reference architecture and Threat analysis and notification Threat analysis and notification patterns composite services End user trust and assurance Aniketos market place End user trust and assurance Aniketos market place Support provided in terms of Reference designs and security patterns Threat information Notifications Effectsplus July 2011 18 / 27
  • 19. Key Concepts Trust Used to determine whether offered security contracts are likely to be adhered to Security Security requirements are defined by a security contract requested by the consumer, and fulfilled by a security policy agreed by the provider Threats Threats define the context Different security may be needed as new threats and vulnerabilities are identified Effectsplus July 2011 19 / 27
  • 20. Threat Detection and Response Service deployment environment is dynamic Fluctuating threats picture for service providers Changing operating conditions for end users New attack methods and capabilities emerge Flaws and vulnerabilities may be discovered in services Aniketos contribution Investigating new threat landscape Investigate threats to composite services Undertake work in understanding their nature Establish how to deal with them Effectsplus July 2011 20/27