Successfully reported this slideshow.

Seguridad: sembrando confianza en el cloud

0

Share

1 of 25
1 of 25

More Related Content

Related Audiobooks

Free with a 14 day trial from Scribd

See all

Seguridad: sembrando confianza en el cloud

  1. 1. Sembrando confianza en el CLOUD Oscar López Área I+D+i XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013
  2. 2. SEED4C. Sembrando confianza en el CLOUD Servicios en CLOUD IaaS PaaS SaaS Cloud provider Cloud customer ¿Seguridad TI y ahorro de costes es posible?
  3. 3. SEED4C. Sembrando confianza en el CLOUD • Coordinación del proyecto: Alcatel-Lucent Bell Labs • Inicio: Abril 2012 • Cierre: Septiembre 2014 • Duración: 30 meses • 4 países: Finlandia, Francia, Corea y España
  4. 4. SEED4C. Sembrando confianza en el CLOUD • How to increase the Trust in Cloud Services ? Up to 80%of problems may be solved with a protected execution & a proper policy enforcement.
  5. 5. SEED4C. Sembrando confianza en el CLOUD • Can we “plant” SEEDs in the Cloud to increase trust ? Building a Trusted Cloud Computing Base TCCB Based on A Cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE
  6. 6. SEED4C. Sembrando confianza en el CLOUD • Security Embedded Element and Data Privacy for Cloud infraestructures Introduction of NoSE. Network of Secure elements
  7. 7. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  8. 8. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  9. 9. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  10. 10. SEED4C. Sembrando confianza en el CLOUD • Deliver Trusted Services in a multi-nodes Trusted Cloud Execution Enviroment 10 Policy Execution Trust & Assurance • Network • Servers • more… Trusted Execution Trust & Assurance
  11. 11. SEED4C. Sembrando confianza en el CLOUD SECURITY PLANE / NoSEUSER’S DEVICE END to END TRUSTED SERVICESEND to END TRUSTED SERVICES User’s SEED enrolled in NoSE Trust & Assurance • And deliver End to End security to users
  12. 12. SEED4C. Sembrando confianza en el CLOUD Infra Provider SaaS Provider User / Tenant PaaS Provider Device Provider • In a multi-party policy driven architecture
  13. 13. SEED4C. Sembrando confianza en el CLOUD • And provide compliance and evidence • Logs and audit features enforced by the NoSE • Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management • Change workflow may be enforced too by trusted actors
  14. 14. SEED4C. Sembrando confianza en el CLOUD • Cómo distribuir los elementos seguros dentro de una infraestructura para que proporcionen valor añadido a la plataforma y los servicios. • Cómo conseguir un balance de carga y comunicación seguros entre y desde los elementos seguros (SE) a las máquinas integradas. • Cómo abordar la ejecución de políticas (centradas en la Identidad y Privacidad), trazabilidad y garantía de los servicios finales. • Retos de investigación
  15. 15. SEED4C. Sembrando confianza en el CLOUD • Retos de investigación
  16. 16. SEED4C. Sembrando confianza en el CLOUD • SEEDs planting: Granularity – Network, hypervisors, servers, storage, devices – Strategic places IaaS, PaaS, SaaS • Multiple form factors required to match physical constraints – Secure Embedded Elements, TPM, Software in a TEE, Dedicated VM, OS Component • Network of Secure Elements (NoSE) – Communication protocols across SEEDs • Scalability of the architecture • Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE – Enroll equipment, attach them to SEEDs • Credential management • Valor añadido
  17. 17. SEED4C. Sembrando confianza en el CLOUD • Mapeo de los casos de uso Net aaS PaaS IaaS SaaS NoSE Client Access Device 1: BYOD / protection of corp data 2: Airport equipment Mgt. 3: HSM+Key Ceremony 4: Enterprise Collaboration 5: ePayment, PCI/DSS 6: IAM Auth + Auditing 7: Security at IaaS Level 8: Monitoring Security at PaaS Layer 9: Admin Access & Audit management/logs 10: Telco Services in the cloud, multi tenancy protection 11: eGov. Services, Data protection 12: SVPDC, Virtual Data Center management
  18. 18. SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
  19. 19. SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
  20. 20. SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionality to control, access and store protected data in the cloud •Adopt the seeds developed for the e- Government service to manage and store this protected data in their own infrastructure •Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability. • eGoverment services data protection
  21. 21. SEED4C. Sembrando confianza en el CLOUD • Centralized cloud services for airport management
  22. 22. SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionalities •Add more layers of security using a network of secure elements •Provide a NoSE interconnected generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability. • Centralized cloud services for airport management
  23. 23. SEED4C. Sembrando confianza en el CLOUD • Propiedades de seguridad
  24. 24. SEED4C. Sembrando confianza en el CLOUD
  25. 25. ¡Muchas Gracias! XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013 Oscar López Area I+D+i ¡Síguenos en Redes Sociales!

Editor's Notes

  • Seguridad TI y ahorro de costes es posible?
  • Seguridad TI y ahorro de costes es posible?
  • ×