
Security: sowing trust in the cloud

Presentation by Oscar Lopez, of Nextel S.A., at the XV Jornada de Seguridad TI de Nextel S.A. (Nextel S.A.'s 15th IT Security Conference), held at the Alhóndiga in Bilbao on Thursday, 27 June 2013.


Security: sowing trust in the cloud

  1. Sowing trust in the CLOUD
     Oscar López, R&D&I Area
     XV Jornadas de Seguridad NEXTEL S.A., 27/06/2013
  2. SEED4C. Sowing trust in the CLOUD
     Services in the CLOUD
     IaaS, PaaS, SaaS
     Cloud provider, Cloud customer
     IT security and cost savings: is it possible?
  3. • Project coordination: Alcatel-Lucent Bell Labs
     • Start: April 2012
     • End: September 2014
     • Duration: 30 months
     • 4 countries: Finland, France, Korea and Spain
  4. How to increase the Trust in Cloud Services?
     Up to 80% of problems may be solved with a protected execution & a proper policy enforcement.
  5. Can we “plant” SEEDs in the Cloud to increase trust?
     Building a Trusted Cloud Computing Base (TCCB), based on a Cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE
  6. Security Embedded Element and Data Privacy for Cloud infrastructures
     Introduction of NoSE: Network of Secure Elements
  7. SEED4C. Concept
  8. SEED4C. Concept
  9. SEED4C. Concept
  10. Deliver Trusted Services in a multi-node Trusted Cloud Execution Environment
      Diagram labels: Policy Execution; Trust & Assurance; Network; Servers; more…; Trusted Execution; Trust & Assurance
  11. And deliver End to End security to users
      Diagram labels: SECURITY PLANE / NoSE; USER’S DEVICE; END to END TRUSTED SERVICES; User’s SEED enrolled in NoSE; Trust & Assurance
  12. In a multi-party policy driven architecture
      Diagram labels: Infra Provider; SaaS Provider; User / Tenant; PaaS Provider; Device Provider
  13. And provide compliance and evidence
      • Logs and audit features enforced by the NoSE
      • Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management
      • Change workflow may be enforced too by trusted actors
  14. Research challenges
      • How to distribute the secure elements within an infrastructure so that they add value to the platform and the services.
      • How to achieve secure load balancing and communication between and from the secure elements (SE) to the integrated machines.
      • How to address policy execution (centred on Identity and Privacy), traceability and assurance of the end services.
  15. Research challenges
  16. Added value
      • SEEDs planting: Granularity
          – Network, hypervisors, servers, storage, devices
          – Strategic places IaaS, PaaS, SaaS
      • Multiple form factors required to match physical constraints
          – Secure Embedded Elements, TPM, Software in a TEE, Dedicated VM, OS Component
      • Network of Secure Elements (NoSE)
          – Communication protocols across SEEDs
      • Scalability of the architecture
      • Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE
          – Enroll equipment, attach them to SEEDs
      • Credential management
  17. Mapping of the use cases
      Diagram labels: NetaaS; PaaS; IaaS; SaaS; NoSE; Client Access Device
      1: BYOD / protection of corp data
      2: Airport equipment Mgt.
      3: HSM + Key Ceremony
      4: Enterprise Collaboration
      5: ePayment, PCI/DSS
      6: IAM Auth + Auditing
      7: Security at IaaS Level
      8: Monitoring Security at PaaS Layer
      9: Admin Access & Audit management/logs
      10: Telco Services in the cloud, multitenancy protection
      11: eGov. Services, Data protection
      12: SVPDC, Virtual Data Center management
  18. eGovernment services data protection
  19. eGovernment services data protection
  20. eGovernment services data protection
      Before SEED4C:
        • Security solutions based on independent, proprietary and independent elements to secure data in the cloud
      After SEED4C:
        • Enhanced security related functionality to control, access and store protected data in the cloud
        • Adopt the seeds developed for the e-Government service to manage and store this protected data in their own infrastructure
        • Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability.
  21. Centralized cloud services for airport management
  22. Centralized cloud services for airport management
      Before SEED4C:
        • Security solutions based on independent, proprietary and independent elements to secure data in the cloud
      After SEED4C:
        • Enhanced security related functionalities
        • Add more layers of security using a network of secure elements
        • Provide an interconnected NoSE, generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability.
  23. Security properties
  24. SEED4C. Sowing trust in the CLOUD
  25. Thank you very much!
      XV Jornadas de Seguridad NEXTEL S.A., 27/06/2013
      Oscar López, R&D&I Area
      Follow us on social media!
