security services lifecycle management
play

Security Services Lifecycle Management in On-Demand Infrastructure - PowerPoint PPT Presentation

Aug 27, 2022 •728 likes •1.1k views

Security Services Lifecycle Management in On-Demand Infrastructure Services Provisioning Yuri Demchenko System and Network Engineering Group University of Amsterdam CPSRT 2010 Workshop 2 December 2010 CloudCom2010 Conference 30 October - 3

  1. Security Services Lifecycle Management in On-Demand Infrastructure Services Provisioning Yuri Demchenko System and Network Engineering Group University of Amsterdam CPSRT 2010 Workshop 2 December 2010 CloudCom2010 Conference 30 October - 3 December 2010, Indianapolis

  2. Outline • Background for this research • On-Demand Infrastructure Services Provisioning and Composable Services Architecture (CSA)  CSA Service Delivery Framework and Services Lifecycle Management • Proposed Security Services Lifecycle Management and related security mechanisms • Implementation – GAAA Toolkit and Security sessions management • Summary and Discussion Slide _ 2 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  3. Background to this research • Current projects  GEANT3 JRA3 Composable Services – European NREN infrastructure  GEYSERS – On-demand Optical + IT infrastructure resources provisioning – Wide participation from large European network (Telefonika, Alcatel-Lucent, Interoute) and application providers (SAP) • Past projects  EGEE Grid Security middleware – gLite Java Authorisation Framework  Phosphorus project Security architecture for multi-domain Network Resource Provisioning – GAAA-NRP and XACML-NRP profile – Multidomain Network Resource Provisioning (NRP) model and workflow Slide _ 3 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  4. Use Case – e-Science infrastructure Initial effort to build – Control & Instrument Grid estimated 2 Yrs Monitoring Storage T0 (Manufactoring) Outsource to current telco provider – approx. 2 Grid Grid months Center Storage T1 User A Visualisation Target with new business User K Grid Grid model – 2 hrs Storage T1 Center User P Visualisation Computing Cloud Cloud Storage Permanent link High Speed link provisioned on demand Link provisioned on-demand Components of the typical e-Science infrastructure involving multidomain and multi-tier Grid and Cloud resources and network infrastructure Slide _ 4 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  5. Use Case – e-Science infrastructure Control & Instrument Grid On-demand infrastructure Monitoring Storage T0 (Manufactoring) services provisioning environment Grid • Grid Security along the whole Center Storage T1 User A provisioning process and Visualisation service/infrastructure lifecycle User K Grid Grid • Manageable/user Storage T1 Center controlled security User P • Securing remote Visualisation executing environment Computing Cloud • Security context/session Cloud Storage management Permanent link High Speed link provisioned on demand Link provisioned on-demand Components of the typical e-Science infrastructure involving multidomain and multi-tier Grid and Cloud resources and network infrastructure Slide _ 5 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  6. GEYSERS Reference Model for Infrastructure Virtualisation Roles: • VIO – Virtual Infrastructure Operator • VIP - Virtual Infrastructure Provider • PIP - Physical Infrastructure Provider Slide _ 6 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  7. Security Service Lifecycle Management in On-Demand Resources/Services Provisioning • On-Demand Infrastructure Services Provisioning requires definition of Services Lifecycle Management  Multidomain multi-provider environment  Includes standard virtualisation procedures and mechanisms • Requires dynamic creation of Security/Trust Federations in multi-domain environment  Based on available Trust Anchors – Physical Resources (hosting platforms) – SLA or SLA negotiators/contractors – All other security context/credentials/keys should be derived from them • Access control infrastructure dynamically created and policy/attributes dynamically configured  Access/authorisation session/context management • Composable Services Architecture (CSA) as a platform for dynamically configurable composable services provisioning Slide _ 7 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  8. Composable Services Architecture Composable Services Applications and User Terminals lifecycle/provisioning User Virtual Infrastructure/Resources level Client stages Proxy (adaptors/containers) – Composed/Virtualised Services and Resources (1) Request (2) Composition/ Reservation Composition Control & Composable Services Middleware (3) Deployment Layer/Serv Management (GEMBus) (4) Operation Plane (Reservation (5) Decommissioning SLA (Operation, Negotiatn) Orchestration) MD SLC Registry Logging Security Separation of Data Plane, Control Plane, Management Plane Logical Abstraction Layer for Component Services and Resources Proxy (adaptors/containers) - Component Services and Resources Control/ Storage Compute Network Infrastructure Mngnt Links Resources Resources Data Links Component Services & Resources – Physical Resources level Slide _ 8 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  9. CSA Services Delivery Framework (SDF) Composable Services Provisioning Workflow Main stages/phases Service Request/ • Service Request (including SLA SLA Negotiation negotiation) • Composition/Reservation (aka design) Composition/ • Service Deployment, including Reservation Lifecycle Reqistration/Synchronisation Metadata Re-Compo • Operation (including Monitoring) sition Service • (SL MD) Decommissioning Deployment Additional stages • Re-Composition should address Registr&Synchro incremental infrastructure changes • Recovery/ Recovery/Migration can use SL-MD Provisiong Migration Session to initiate resources re- Managnt Operation synchronisation but may require re- (Monitoring) composition The whole workflow is supported by the Service Lifecycle Metadata Service (SL MD) Decommissioning Based on the TMF SDF Slide _ 9 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  10. TMF Service Delivery Framework (SDF) Goal: Automation of the whole service delivery and operation process (TMF SDF, http://www.tmforum.org/ServiceDeliveryFramework/4664/home.html) End-to-end service management in a multi-service providers environment End-to-end service management in a composite, hosted and/or syndicated service environment Management functions to support a highly distributed service environment, for example unified or federated security, user profile management, charging etc. Any other scenario that pertains to a given phase of the service lifecycle challenges, such as on-boarding, provisioning, or service creation Slide _ 10 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  11. SDF Reference Architecture (refactored from SDF) 1 – Service Instance Design 2 - Service Management Interface 16 9 3 – Service Functional Interface SDF Service Design SDF Service 10 4 - Management Support Service (SDF Management (ISS) Repository (ISS) MSS) SDF Service 8 - Infrastructure Support Service (ISS) Lifecycle Metadata DESIGN stage Deploy Repository (ISS) 17 9 - Service Repository 11 SDF Service 10 - Service Lifecycle Metadata SDF Service Lifecycle Deployment Repository Metadata Management (ISS) Coordination (ISS) 16 - Service Design Management DEPLOYMENT stage 2 10 - Service Lifecycle Metadata Operate 12 SDF Service State Repository Monitor (ISS) 6 11 - Service Lifecycle Metadata SDF Service Provisng Coordinator 1 13 SDF Service Mngnt (MSS) SDF Service Resource 17 - Service Deployment Management Instance Fulfillment (ISS) OPERATION stage 6 5 - Service Provisioning Management SDF Service Quality/ 14 SDF Service Resource 3 Problem Mngnt (MSS) 6 - Service Quality/Problem Management Monitor (ISS) 7 - Service Usage Monitor 7 15 12 - Service State Monitor SDF Service Usage Composite Services SDF Service Resource Mngnt (MSS) provisioned on-demand 13 - Service Resource Fulfillment Usage Monitor (ISS) 14 - Service Resource Monitor SDF MSS 4 SDF ISS 8 15 - Resource Usage Monitor Slide _ 11 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

  12. Composable Services Architecture – Lifecycle stages workflow 4 4 Composable Serv Serv Serv Applications and User Terminals User Services Client lifecycle/provisioning Proxy (adaptors/containers) – Composed/Virtualised Services and Resources 4 3 stages 1 2 2 3 3 (1) Request Composition Control & Composable Services Middleware 1 Layer /Serv (2) Composition/ Management (GEMBus/GESB) Plane Reservation (Reservation SLA (3) Deployment (Operation, Negotiatn) 4 2 Orchestration) (4) Operation MD SLC Registry Logging Security (5) Decommissioning 3 2 MD SLC – Service Lifecycle Metadata Logical Abstraction Layer for Component 2 3 Services and Resources GEMBus – GEANT 4 Multidomain Bus 4 3 2 Proxy (adaptors/containers) - Component Services and Resources Control/ Storage Compute Mngnt Links Network Infrastructure Resources Resources Data Links Component Services & Resources Slide _ 12 CPSRT2010 Workshop, 2 December 2010 Security Services Lifecycle Management

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management guidance is provided in [SP800-21]. A single item of keying

522 views • 18 slides
Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda Introduction Security Development Lifecycle Threat Modeling and Security Design Static Source Code Analysis Software Build Security 3 rd

615 views • 15 slides
WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost

WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost

WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost important to defne security correctly (and not just security) Helps defning security scope Currently described in

1.44k views • 5 slides
Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H.

Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H.

Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H. Yamaguchi, N. Itsubo, S. Lee, I. Jeong, M. Motoshita, A. Inaba LCA Research Center, AIST M. Ichinohe, N. Yamamoto, Hitachi, Ltd. Y. Miyano ,

356 views • 33 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter

Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter

Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter Complexity of Datacenter Topologies Topologies Mingyang Zhang (USC) Mingyang Zhang (USC) Radhika Niranjan Mysore (VMware Research) Sucha

1.12k views • 93 slides
Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline

Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline

Joint BWP/QWP/GMDP IWG Industry European Workshop on Lifecycle Management Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline Introduction: evolution of PACMP concept Expanded (multi-site,

580 views • 33 slides
Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application

Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application

Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application Lifecycle Management . Agenda Trends & Challenges 3 Core Pillars of ALM Key Differentiators Page 2 Software is eating the world 2011 -

425 views • 29 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
Service Level Agreements: An Approach to Software Lifecycle Management CDR Leonard Gaines Naval

Service Level Agreements: An Approach to Software Lifecycle Management CDR Leonard Gaines Naval

Service Level Agreements: An Approach to Software Lifecycle Management CDR Leonard Gaines Naval Supply Systems Command 29 January 2003 Definition Definition: A SLA is an agreement between a provider of services and a customer that

152 views • 11 slides
United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program

United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program

United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program Requirements through an Assets Lifecycle Larry Uchmanowicz Siemens Government Technologies Problem Statement USAF needs to own and manage the

335 views • 14 slides
Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen

Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen

Software Security Memory corruption public enemy number 1 Erik Poll Digital Security Radboud University Nijmegen 1 Security in the development lifecycle 2.1 week 3: exercise week4: group project Security in the development lifecycle

1.82k views • 146 slides
PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

Product Lifecycle Management Center of Excellence Product Lifecycle Management Produc roduct Li Lifec ecycle M Managem anagemen ent Indu ndustri rial A Advi dvisor ory B Board oard Meet eeting ng Novem ovember 11t 11th, h, 2009

472 views • 13 slides
Lifecycle Management of Rela1onal Records for External Audi1ng

Lifecycle Management of Rela1onal Records for External Audi1ng

Lifecycle Management of Rela1onal Records for External Audi1ng and Regulatory Compliance Ahmed Ataullah Frank Wm. Tompa Policies and Constraints

417 views • 26 slides
PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

Product Lifecycle Management Center of Excellence Product Lifecycle Management Produc roduct Li Lifec ecycle M Managem anagemen ent Indu ndustri rial A Advi dvisor ory B Board oard Meet eeting ng Apri pril 30, 30, 2009 2009

313 views • 15 slides
PLM Nat athan an H Har artman an Co-Director PLM Center of Excellence Richa chard C

PLM Nat athan an H Har artman an Co-Director PLM Center of Excellence Richa chard C

Product Lifecycle Management Center of Excellence Product Lifecycle Management Product duct Li Lifecy ecycl cle M e Mana nagem ement ent Industrial trial Advis visory ry Board ard Meetin ting Novem ember ber 12, 12, 2008 2008

159 views • 12 slides
Network design and data collection in an academic & research network Glen Turner

Network design and data collection in an academic & research network Glen Turner

Network design and data collection in an academic & research network Glen Turner 2010-02-08 10 th workshop on data networks as formal objects (WODNAFO 10) The University of Adelaide aar net Australia's Academic and Research Network Our

391 views • 27 slides
INTERNATIONAL NETWORK DAN TWOHILL daniel.twohill@reannz.co.nz 2 REANNZ Lunch 19

INTERNATIONAL NETWORK DAN TWOHILL daniel.twohill@reannz.co.nz 2 REANNZ Lunch 19

REANNZ LUNCH 19 14TH AUG INTERNATIONAL NETWORK DAN TWOHILL daniel.twohill@reannz.co.nz 2 REANNZ Lunch 19 International Network TRAFFIC TYPES 1. International R&E 2. Domestic 3. Caches 4. Commodity Internet 5 REANNZ

444 views • 22 slides
Mo#va#on In the near future the ICT sector is expected

Mo#va#on In the near future the ICT sector is expected

Mo#va#on In the near future the ICT sector is expected to contribute approx. 3% of global carbon emissions, possibly overtaking the avia#on industry.

756 views • 26 slides
and African Academia Research and education networking in Africa 11 th AfriNIC Public Policy

and African Academia Research and education networking in Africa 11 th AfriNIC Public Policy

Internet Number Resources and African Academia Research and education networking in Africa 11 th AfriNIC Public Policy Meeting Dakar, 26 November 2009 Boubakar Barry Research and Education Networking Unit Association of African Universities 1

725 views • 24 slides
The IRISGrid Infrastructure Seamless Support for VOs JRES2005, Marseille Virtual Organisations

The IRISGrid Infrastructure Seamless Support for VOs JRES2005, Marseille Virtual Organisations

The IRISGrid Infrastructure Seamless Support for VOs JRES2005, Marseille Virtual Organisations Why a support infrastructure Users own and require resources Shared Collective User User Resource User Resource Resource User

657 views • 28 slides
Uterine Corpus Subcommittee Pelvic Recurrence 2/25/2008 Endorsed by RTOG

Uterine Corpus Subcommittee Pelvic Recurrence 2/25/2008 Endorsed by RTOG

NRG/GOG Foundation Uterine Corpus Subcommittee Pelvic Recurrence 2/25/2008 Endorsed by RTOG 108/154 accrued Leiomyosarcoma: Stage I 4 Jun 2012 opened 38/216 accrued 9 Sep 2016 closed International Rare Cancers Initiative

1.48k views • 7 slides
Thermoelectric properties of heavy fermion systems calculated within a DMFT/NRG-treatment of the

Thermoelectric properties of heavy fermion systems calculated within a DMFT/NRG-treatment of the

Thermoelectric properties of heavy fermion systems calculated within a DMFT/NRG-treatment of the periodic Anderson model Gerd Czycholl Institut fr Theoretische Physik, Universitt Bremen Coworkers: Claas Grenzebach, Frithjof Anders

465 views • 44 slides
Quantum impurity systems and Luttinger-Friedel sum rule ~ Luttinger integral as a topological

Quantum impurity systems and Luttinger-Friedel sum rule ~ Luttinger integral as a topological

Quantum criticality in Quantum impurity systems and Luttinger-Friedel sum rule ~ Luttinger integral as a topological invariant ~ Internat ationa onal Symp mpos osiu ium in H Honor of Profe fesso sor Nambu for the 10 10th A Annivers

387 views • 24 slides

More recommend