SEED4C - RESSI 2015, May 19th 2015 - PowerPoint PPT Presentation


SLIDE 1

SEED4C

RESSI 2015, May 19th 2015

SLIDE 2

SEED4C: Security Embedded Element and Data Privacy for Cloud

Partners:
France: Alcatel-Lucent, Gemalto, INSA CVL, Inria/ENS Lyon, Wallix
Finland: Cygate, Mikkelin Puhelin Oy, Nokia Solutions & Networks Oy, Finceptum Oy, VTT
Spain: Innovalia Association, Nextel, Software Quality Systems (SQS), Fundación Vicomtech, IKUSI, BISCAYTIK
Korea: SOLACIA

SLIDE 3

SEED4C General Presentation: Context

  • Enterprises are moving their data & applications to the cloud (even for a time-bound project)
  • Data (e.g., HR, business), apps and policies (regulation, enterprise, end-user)
  • Key issue: end-to-end protection in the cloud of the sensitive data and apps

[Figure: Traditional Enterprise IT (on-premise based) vs. Cloud-based Enterprise IT (incl. Private & Public cloud); elements: SLA, Legal / regulation policies, Applications, Data, Policy]

SLIDE 4

SEED4C General Presentation: Context (continued)

Cloud SLA

  • Quality of Service
  • Availability, latency, etc.
  • Security

Data storage

  • Data location
  • Data access control per app/per user
  • Data retention and deletion
  • Data usage tracing
  • Data breach notification
  • etc.

Data processing (in Virtual Machines)

  • VM location and co-location constraints
  • VM isolation
  • VM security level
  • etc.

Network configuration

  • Secure VM connection
  • etc.

How to enforce these SLA security policies? How to monitor/certify the enforcement of these policies?

SLIDE 5

SEED4C approach: from an isolated security to a coordinated security

  • Secure Element Extended (SEE)
    • Securely store critical data and securely execute critical apps
    • Support multi-tenant data & apps
  • Network of Secure Element Extended (NoSEE)
    • Secure exchange of SEE contexts
    • E.g. allow critical data to only be transferred in secure & compliant VMs

[Figure: Isolated Security vs. Coordinated Security; labels: NoSEE, SEE, SEE, SEE]

SLIDE 6

SEED4C General Presentation: SEED4C process

[Figure: process steps Policy Modeling, App & Policy Deployment, SEE-based Policy Enforcement, Policy Assurance, Policy Monitoring; actors: SEED4C User, NoSEE, SEE]

SLIDE 7

SEED4C General Presentation: Use cases

Various types of use-cases at different cloud levels (IaaS, PaaS, SaaS):

  • NSS Security Operations Center
  • Airport system mgt
  • e-Gov services
  • Cloud-based Collaboration Services
  • e-Banking
  • Telco services in the cloud

Topics covered: Security monitoring, PaaS environment, IAM authentication and auditing, IaaS level security, Admin access mgt, vHSM + key ceremony.

[Figure: table of use cases by Environment and Authentication Domain (EU, Other, Bank Domain); telco elements MSC, AUC, HLR, VLR, EIR, SMSC, SMSC2, VLR2; Web Server, Application/Processing Server, Database Servers, User Authentication Server; possible locations of SE or SEE]

SLIDE 8

SEE-based Policy Enforcement: Modeling

  • 1 model = 3 views
    • 1. Virtualized Application
    • 2. Application Security
    • 3. Resources Mapping

Sam4C Modeling Tool. Example of properties: Integrity, Confidentiality, Isolation, etc.

[Figure: Sam4C Modeling Tool, Virtualized Application and Security views]

SLIDE 9

Modeling: Virtualized Application view

[Figure: screenshot of the Airport Management Application (called “Musik”) in the Sam4C Modeling Tool; model elements: External client, Network, Application group, Service, Virtual machine, Security domain, Data]

SLIDE 10

Modeling: Application Security view

Properties shown: Integrity, Confidentiality, Isolation properties; Authentication property; Network property.

[Figure: screenshot of the Airport Management Application (called “Musik”) in the Sam4C Modeling Tool]

SLIDE 11

Modeling: Resources Mapping view

[Figure: screenshot of the Airport Management Application (called “Musik”) in the Sam4C Modeling Tool]

SLIDE 12

App & Policy Deployment: Placement with Constraints

Sam4C Deployment Tool

  • Resource constraints: CPU, RAM, Disk, Location
  • Security constraints: Integrity, Isolation, etc.

SLIDE 13

App & Policy Deployment: Multiple Solutions

Placement-based security

  • Idea: do not share physical machines with an unwanted neighborhood.
  • Properties: Isolation, Integrity, Confidentiality between VMs.
  • Innovation: Core, Cache, RAM granularity.

Security properties matching

  • Idea: a VM / PM provides security capabilities via a SEE.
  • Properties: all (except properties between VMs).
  • Innovation: independent from the security mechanism implementation.
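Added illustration of the two deployment ideas above (not code from the SEED4C project or the Sam4C tool): a first-fit placement that checks CPU limits, placement-based isolation from unwanted neighbours (simplified to whole-machine granularity rather than the core/cache/RAM granularity the slide mentions) and security-properties matching against the capabilities a PM's SEE advertises. All machine, tenant and capability names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class PhysicalMachine:
    name: str
    cpu: int                 # free cores
    capabilities: set        # security properties the PM's SEE can provide
    hosted: list = field(default_factory=list)  # VMs already placed here

@dataclass
class VM:
    name: str
    tenant: str
    cpu: int
    properties: set          # required security properties, e.g. {"integrity"}
    isolate_from: set = field(default_factory=set)  # tenants that must never share a PM

def fits(vm, pm):
    """Resource limit, then placement-based isolation (no unwanted neighbour, in either
    direction), then security-properties matching against the PM's SEE capabilities."""
    if vm.cpu > pm.cpu:
        return False
    if {h.tenant for h in pm.hosted} & vm.isolate_from:
        return False
    if any(vm.tenant in h.isolate_from for h in pm.hosted):
        return False
    return vm.properties <= pm.capabilities

def place(vms, pms):
    """First-fit placement; returns {vm name: pm name}, raises if a VM has no compliant PM."""
    plan = {}
    for vm in vms:
        for pm in pms:
            if fits(vm, pm):
                pm.cpu -= vm.cpu
                pm.hosted.append(vm)
                plan[vm.name] = pm.name
                break
        else:
            raise ValueError(f"no compliant placement for {vm.name}")
    return plan

def demo():
    # Constructed sample: only pm1's SEE offers confidentiality; "bank" refuses to share a PM with "other".
    pms = [PhysicalMachine("pm1", 8, {"integrity", "confidentiality"}),
           PhysicalMachine("pm2", 8, {"integrity"})]
    vms = [VM("bank-db", "bank", 4, {"integrity", "confidentiality"}, {"other"}),
           VM("other-web", "other", 2, {"integrity"}),
           VM("bank-app", "bank", 2, {"integrity"})]
    return place(vms, pms)
```

In the sample, other-web is pushed to pm2 by the isolation constraint even though pm1 has capacity, while bank-app may still join bank-db on pm1.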

SLIDE 14

SEE-based Policy Enforcement: Security Policy Enforcement (SEE: Secure Element Extended)

  • Receives properties from Sam4C
    • Expressed using capabilities
    • Capabilities abstract the mechanisms’ functions (generate_key, open_port…)
    • Confidentiality: generate_key (SE, JCE…) + encrypt_flow (SSH, OpenVPN…)
  • Select mechanisms to enforce the security properties
  • Automatically configure the mechanisms

[Figure: SEE architecture: Sam4C Interface, Policy Enforcement Engine, Security Plugins Manager (iptables, SELinux, Data Protection Module, SSH Tunneling, PAM, Oscap, Secure Element), Assurance Module]
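Added example, not SEED4C's own Policy Enforcement Engine code: a small Python selector that expands requested properties into capabilities as the slide describes, picks the first available mechanism for each capability (falling back, e.g. from the SE to JCE, or from SSH to OpenVPN), and renders one configuration line per chosen mechanism. The property-to-capability table beyond the confidentiality row, the mechanism names, the parameter names and the rendered commands are assumptions for illustration.

```python
# Which abstract capabilities each security property needs (assumed table; the
# confidentiality row is the one the slide gives).
PROPERTY_CAPABILITIES = {
    "confidentiality": ["generate_key", "encrypt_flow"],
    "network": ["open_port"],
}

# Mechanisms registered with the security plugins manager, in preference order per capability.
MECHANISMS = [
    ("secure_element", "generate_key"),
    ("jce", "generate_key"),
    ("ssh_tunnel", "encrypt_flow"),
    ("openvpn", "encrypt_flow"),
    ("iptables", "open_port"),
]

# Mechanism-specific configuration rendered from abstract parameters (illustrative commands).
RENDERERS = {
    "secure_element": lambda p: f"se: generate AES-{p['key_bits']} key in slot {p['slot']}",
    "jce": lambda p: f"jce: KeyGenerator.getInstance('AES').init({p['key_bits']})",
    "ssh_tunnel": lambda p: f"ssh -N -L {p['port']}:localhost:{p['port']} {p['peer']}",
    "openvpn": lambda p: f"openvpn --remote {p['peer']} {p['port']} --proto tcp",
    "iptables": lambda p: f"iptables -A INPUT -p tcp --dport {p['port']} -j ACCEPT",
}

def select_mechanisms(properties, available):
    """Expand properties to capabilities and pick, for each capability, the first
    mechanism that is both registered and available. Returns {capability: mechanism};
    raises LookupError when no available mechanism serves a capability."""
    plan = {}
    for prop in properties:
        for cap in PROPERTY_CAPABILITIES[prop]:
            if cap in plan:
                continue
            for name, provided in MECHANISMS:
                if provided == cap and name in available:
                    plan[cap] = name
                    break
            else:
                raise LookupError(f"no available mechanism provides {cap}")
    return plan

def configure(plan, params):
    """Turn the selected mechanisms into concrete configuration lines."""
    return [RENDERERS[mech](params) for mech in plan.values()]
```

An unserved capability is reported as an error rather than silently dropped, which is the case an assurance check would otherwise have to catch later.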

SLIDE 15

Cooperative Security: the SEE model

  • Secure Element (SE)
    • Multi-tenant hardware component (isolated security domains)
    • Cryptographic functions
  • SEE: extends the SE model to other mechanisms
  • SEE: uses the SE’s security services
  • Two admin domains: NoSEE admin / Tenant admin

[Figure: SE security domains: Tenant 1 security domain (Data: Keys; Functions), Tenant 2 security domain (Data: Keys; Functions), Shared security domain (Data: Location, Time/date; Functions: Encrypt/decrypt). SE = SmartCard, MicroSD, etc.]

SLIDE 16

Security Policy Assurance

  • Assurance checks are generated during the enforcement step
    • Check the status of the mechanisms
    • Check the enforcement of the security properties
  • Assurance Engine
    • Collect assurance data from the assurance mechanisms configured by the SEE
    • Send data to the assurance dashboard

SLIDE 17

Conclusion

  • SEED: a minimal trusted computing base spread within the cloud
  • A network of seeds will provide a Trusted Cloud Computing Base
  • Ensure the end-to-end security of “cloudified” apps

http://www.celticplus-seed4c.org/
