SEED4C SEED4C th 2015 RESSI 2015, RESSI 2015, May 19 May 19 th 2015 1
Alcatel-Lucent France Gemalto INSA CVL Inria/ENS Lyon Wallix Cygate Mikkelin Puhelin Oy Finland Nokia Solutions & Networks Oy, Finceptum Oy VTT VTT SEED4C: Security Embedded Element and Data Privacy for Cloud Innovalia Association Nextel Spain Software Quality Systems (SQS) Fundación Vicomtech IKUSI BISCAYTIK Korea SOLACIA 2
SEED4C General Presentation Context • Enterprises are moving their data & applications in the cloud (even for a time-bound project) - Data (e.g., HR, business), apps and policies (regulation, enterprise, end-user) • Key issue: End-to-end protection in the cloud of the sensitive data and apps Legal / regulation policies SLA Applications Policy Data Traditional Enterprise IT Cloud-based Enterprise IT (on-premise based) (incl. Private & Public cloud) 3
Cloud SLA SEED4C General Presentation • Quality of Service Context - Availability, latency, etc. • Security • Enterprises are moving their data & applications in the cloud (even for a Data storage Data processing (in Virtual Machines) time-bound project) - Data location - VM location and co-location constraints - Data access control per app/per user - VM isolation - Data (e.g., HR, business), apps and policies (regulation, enterprise, end-user) - Data retention and deletion - VM security level • Key issue: End-to-end protection in the cloud of the sensitive data and apps - Data usage tracing - etc. - Data breach notification - etc. Network configuration - Secure VM connection - Secure VM connection Legal / regulation - etc. policies SLA Applications Policy How to enforce these SLA security policies? Data How to monitor/certify the enforcement of these policies? Traditional Enterprise IT Cloud-based Enterprise IT (on-premise based) (incl. Private & Public cloud) 4
SEED4C approach From an isolated security to a coordinated security • Secure Element Extended (SEE) - Securely store critical data and securely execute critical apps - Support multi-tenant data & apps • Network of Secure Element Extended (NoSEE) - Secure exchange of SEE contexts - Eg. allow critical data to only be transferred in secure & compliant VMs NoSEE SEE SEE SEE Coordinated Security Isolated Security 5
SEED4C General Presentation SEED4C process SEED4C User Policy Modeling Policy Assurance NoSEE SEE App & Policy Policy Deployment Monitoring SEE–based Policy Enforcement 6
SEED4C General Presentation Various types of use-cases at different cloud levels (IaaS, PaaS, SaaS) SEE SE E SEE SEE EU Other Cloud-based Airport system mgt e-Gov services Collaboration Services Use Case Environment NSS Authenticaton Domain Security Operations Center User V L R Authentication Server H L R Ba nk A Do U ma C in W eb Server EIR Application/ Processing Server Database Servers MSC SMSC SMSC2 VLR2 IAM authentication Security monitoring Telco services Possible location of SE or SEE e-Banking and auditing PaaS environment in the cloud Admin access mgt IaaS level security vHSM + key ceremony 7
Modeling P<olicy Policy Modeling Assurance Virtualized Application Security App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement • 1 model = 3 views Sam4C Modeling Tool 1. Virtualized Application 3. Resources Mapping 2. Application Security Example of properties: Integrity, Confidentiality, Isolation, etc. 8
Modeling P<olicy Policy Modeling Assurance Virtualized Application App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement External Application group Service Network client Virtual machine Data Security domain Screenshot of Airport Management Application (called “Musik”) in Sam4C Modeling Tool 9
Modeling P<olicy Policy Modeling Assurance Application Security App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement Integrity, Confidentiality, Isolation properties Authentication property Network property Screenshot of Airport Management Application (called “Musik”) in Sam4C Modeling Tool 10
Modeling P<olicy Policy Modeling Assurance Resources Mapping App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement Screenshot of Airport Management Application (called “Musik”) in Sam4C Modeling Tool 11
Deployment P<olicy Policy Modeling Assurance Placement with Constraints App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement � Resources contraints � Resources contraints � CPU, � RAM, � Disk, � Location. � Security contraints Sam4C Deployment Tool � Integrity � Isolation � etc. 12
Deployment P<olicy Policy Modeling Assurance Multiple Solutions App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy Enforcement Enforcement Placement-based security � Idea: Do not share physical machines with unwanted neighborhood. � Properties: Isolation, Integrity, Confidentiality between VMs. � Innovation: Core, Cache, RAM granularity. Security properties matching � Idea: A VM / PM provides security capabilities via a SEE . � Properties: All (except properties between VMs). � Innovation: Independent from security mechanism implementation. 13
Security Policy Enforcement P<olicy Policy Modeling Assurance SEE: Secure Element Extended App & Policy Policy Deployment Monitoring • Receives properties from Sam4C SEE–based Policy SEE–based Policy Enforcement Enforcement - Expressed using capabilities - Capabilities abstract the mechanisms’ functions (generate_key, open_port…) - Confidentiality: generate_key (SE, JCE…) + encrypt_flow (SSH, OpenVPN…) - Select mechanisms to enforce the security properties - Automatically configure the mechanisms SEE SEE SECURITY PLUGINS MANAGER SE iptables iptables SELinux Policy Sam4C Enforcement Interface Data Engine Protection Module SSH Tunneling Assurance Module PAM Oscap Secure Element 14 14
Cooperative Security: the SEE model P<olicy Policy Modeling Assurance App & Policy Policy Deployment Monitoring SEE–based Policy SEE–based Policy • Secure Element (SE) Enforcement Enforcement • Multi-tenants hardware component (isolated security domains) • Cryptographic functions • SEE: Extends the SE model to other mechanisms • SEE: Uses the SE’s security services • Two admin domains: NoSEE admin / Tenant admin SE Tenant 1 security domain Tenant 1 security domain Data - Keys Functions - … Tenant 2 security domain Data - Keys Functions - … Shared security domain Data - Location - Time/date -… - Functions - Encrypt/decrypt - … 15 SE= SmartCard, MicroSD, etc.
Security Policy Assurance Policy P<olicy Policy Modeling Assurance Assurance App & Policy Policy Policy Deployment Monitoring Monitoring • Assurance checks are generated during the enforcement step SEE–based Policy Enforcement - Check the status of the mechanisms - Check the enforcement of the security properties • Assurance Engine - Collect assurance data from assurance mechanisms configured by the SEE - Send data to the assurance dashboard 16 16
Conclusion SEED: A minimal trusted computing base spread within the cloud A network of seeds will provide a Trusted Cloud Computing Base Ensure the end-to-end security of “cloudified” apps Ensure the end-to-end security of “cloudified” apps ⇒ ⇒ http:// ⇒ ⇒ ⇒ ⇒ ⇒ ⇒ http://www.celticplus-seed4c.org/ 17
18
Recommend
More recommend
