Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Seguridad: sembrando confianza en el cloud

Download as PPT, PDF

Presentación de Oscar Lopez, de Nextel S.A., durante la XV Jornada de Seguridad TI de Nextel S.A. en la Alhóndiga de Bilbao el jueves 27 de junio de 2013.

1 of 25
Sembrando confianza en el CLOUD Oscar López Área I+D+i XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013
SEED4C. Sembrando confianza en el CLOUD Servicios en CLOUD IaaS PaaS SaaS Cloud provider Cloud customer ¿Seguridad TI y ahorro de costes es posible?
SEED4C. Sembrando confianza en el CLOUD • Coordinación del proyecto: Alcatel-Lucent Bell Labs • Inicio: Abril 2012 • Cierre: Septiembre 2014 • Duración: 30 meses • 4 países: Finlandia, Francia, Corea y España
SEED4C. Sembrando confianza en el CLOUD • How to increase the Trust in Cloud Services ? Up to 80%of problems may be solved with a protected execution & a proper policy enforcement.
SEED4C. Sembrando confianza en el CLOUD • Can we “plant” SEEDs in the Cloud to increase trust ? Building a Trusted Cloud Computing Base TCCB Based on A Cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE
SEED4C. Sembrando confianza en el CLOUD • Security Embedded Element and Data Privacy for Cloud infraestructures Introduction of NoSE. Network of Secure elements
SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
SEED4C. Sembrando confianza en el CLOUD • Deliver Trusted Services in a multi-nodes Trusted Cloud Execution Enviroment 10 Policy Execution Trust & Assurance • Network • Servers • more… Trusted Execution Trust & Assurance
SEED4C. Sembrando confianza en el CLOUD SECURITY PLANE / NoSEUSER’S DEVICE END to END TRUSTED SERVICESEND to END TRUSTED SERVICES User’s SEED enrolled in NoSE Trust & Assurance • And deliver End to End security to users
SEED4C. Sembrando confianza en el CLOUD Infra Provider SaaS Provider User / Tenant PaaS Provider Device Provider • In a multi-party policy driven architecture
SEED4C. Sembrando confianza en el CLOUD • And provide compliance and evidence • Logs and audit features enforced by the NoSE • Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management • Change workflow may be enforced too by trusted actors
SEED4C. Sembrando confianza en el CLOUD • Cómo distribuir los elementos seguros dentro de una infraestructura para que proporcionen valor añadido a la plataforma y los servicios. • Cómo conseguir un balance de carga y comunicación seguros entre y desde los elementos seguros (SE) a las máquinas integradas. • Cómo abordar la ejecución de políticas (centradas en la Identidad y Privacidad), trazabilidad y garantía de los servicios finales. • Retos de investigación
SEED4C. Sembrando confianza en el CLOUD • Retos de investigación
SEED4C. Sembrando confianza en el CLOUD • SEEDs planting: Granularity – Network, hypervisors, servers, storage, devices – Strategic places IaaS, PaaS, SaaS • Multiple form factors required to match physical constraints – Secure Embedded Elements, TPM, Software in a TEE, Dedicated VM, OS Component • Network of Secure Elements (NoSE) – Communication protocols across SEEDs • Scalability of the architecture • Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE – Enroll equipment, attach them to SEEDs • Credential management • Valor añadido
SEED4C. Sembrando confianza en el CLOUD • Mapeo de los casos de uso Net aaS PaaS IaaS SaaS NoSE Client Access Device 1: BYOD / protection of corp data 2: Airport equipment Mgt. 3: HSM+Key Ceremony 4: Enterprise Collaboration 5: ePayment, PCI/DSS 6: IAM Auth + Auditing 7: Security at IaaS Level 8: Monitoring Security at PaaS Layer 9: Admin Access & Audit management/logs 10: Telco Services in the cloud, multi tenancy protection 11: eGov. Services, Data protection 12: SVPDC, Virtual Data Center management
SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionality to control, access and store protected data in the cloud •Adopt the seeds developed for the e- Government service to manage and store this protected data in their own infrastructure •Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability. • eGoverment services data protection
SEED4C. Sembrando confianza en el CLOUD • Centralized cloud services for airport management
SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionalities •Add more layers of security using a network of secure elements •Provide a NoSE interconnected generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability. • Centralized cloud services for airport management
SEED4C. Sembrando confianza en el CLOUD • Propiedades de seguridad
SEED4C. Sembrando confianza en el CLOUD
¡Muchas Gracias! XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013 Oscar López Area I+D+i ¡Síguenos en Redes Sociales!

More Related Content

Seguridad: sembrando confianza en el cloud

  • 1. Sembrando confianza en el CLOUD Oscar López Área I+D+i XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013
  • 2. SEED4C. Sembrando confianza en el CLOUD Servicios en CLOUD IaaS PaaS SaaS Cloud provider Cloud customer ¿Seguridad TI y ahorro de costes es posible?
  • 3. SEED4C. Sembrando confianza en el CLOUD • Coordinación del proyecto: Alcatel-Lucent Bell Labs • Inicio: Abril 2012 • Cierre: Septiembre 2014 • Duración: 30 meses • 4 países: Finlandia, Francia, Corea y España
  • 4. SEED4C. Sembrando confianza en el CLOUD • How to increase the Trust in Cloud Services ? Up to 80%of problems may be solved with a protected execution & a proper policy enforcement.
  • 5. SEED4C. Sembrando confianza en el CLOUD • Can we “plant” SEEDs in the Cloud to increase trust ? Building a Trusted Cloud Computing Base TCCB Based on A Cloud of minimal Trusted Computing Bases: the SEEDs managed by the NoSE
  • 6. SEED4C. Sembrando confianza en el CLOUD • Security Embedded Element and Data Privacy for Cloud infraestructures Introduction of NoSE. Network of Secure elements
  • 7. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  • 8. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  • 9. SEED4C. Sembrando confianza en el CLOUD • SEED4C. Concept
  • 10. SEED4C. Sembrando confianza en el CLOUD • Deliver Trusted Services in a multi-nodes Trusted Cloud Execution Enviroment 10 Policy Execution Trust & Assurance • Network • Servers • more… Trusted Execution Trust & Assurance
  • 11. SEED4C. Sembrando confianza en el CLOUD SECURITY PLANE / NoSEUSER’S DEVICE END to END TRUSTED SERVICESEND to END TRUSTED SERVICES User’s SEED enrolled in NoSE Trust & Assurance • And deliver End to End security to users
  • 12. SEED4C. Sembrando confianza en el CLOUD Infra Provider SaaS Provider User / Tenant PaaS Provider Device Provider • In a multi-party policy driven architecture
  • 13. SEED4C. Sembrando confianza en el CLOUD • And provide compliance and evidence • Logs and audit features enforced by the NoSE • Change Management of the Trusted Architecture tracked down thanks to the NoSE and central management • Change workflow may be enforced too by trusted actors
  • 14. SEED4C. Sembrando confianza en el CLOUD • Cómo distribuir los elementos seguros dentro de una infraestructura para que proporcionen valor añadido a la plataforma y los servicios. • Cómo conseguir un balance de carga y comunicación seguros entre y desde los elementos seguros (SE) a las máquinas integradas. • Cómo abordar la ejecución de políticas (centradas en la Identidad y Privacidad), trazabilidad y garantía de los servicios finales. • Retos de investigación
  • 15. SEED4C. Sembrando confianza en el CLOUD • Retos de investigación
  • 16. SEED4C. Sembrando confianza en el CLOUD • SEEDs planting: Granularity – Network, hypervisors, servers, storage, devices – Strategic places IaaS, PaaS, SaaS • Multiple form factors required to match physical constraints – Secure Embedded Elements, TPM, Software in a TEE, Dedicated VM, OS Component • Network of Secure Elements (NoSE) – Communication protocols across SEEDs • Scalability of the architecture • Enrollment & Lifecycle of equipment, VMs, SEEDs in the NoSE – Enroll equipment, attach them to SEEDs • Credential management • Valor añadido
  • 17. SEED4C. Sembrando confianza en el CLOUD • Mapeo de los casos de uso Net aaS PaaS IaaS SaaS NoSE Client Access Device 1: BYOD / protection of corp data 2: Airport equipment Mgt. 3: HSM+Key Ceremony 4: Enterprise Collaboration 5: ePayment, PCI/DSS 6: IAM Auth + Auditing 7: Security at IaaS Level 8: Monitoring Security at PaaS Layer 9: Admin Access & Audit management/logs 10: Telco Services in the cloud, multi tenancy protection 11: eGov. Services, Data protection 12: SVPDC, Virtual Data Center management
  • 18. SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
  • 19. SEED4C. Sembrando confianza en el CLOUD • eGoverment services data protection
  • 20. SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionality to control, access and store protected data in the cloud •Adopt the seeds developed for the e- Government service to manage and store this protected data in their own infrastructure •Add more layers of security using a network of secure elements: Compliance, Traceability and Auditability. • eGoverment services data protection
  • 21. SEED4C. Sembrando confianza en el CLOUD • Centralized cloud services for airport management
  • 22. SEED4C. Sembrando confianza en el CLOUD Before SEED4C After SEED4C •Security solutions based on independent, proprietary and independent elements to secure data in the cloud •Enhanced security related functionalities •Add more layers of security using a network of secure elements •Provide a NoSE interconnected generating a trusted network that provides a layer of security to the entire system: Compliance, Traceability and Auditability. • Centralized cloud services for airport management
  • 23. SEED4C. Sembrando confianza en el CLOUD • Propiedades de seguridad
  • 25. ¡Muchas Gracias! XV Jornadas de Seguridad NEXTEL S.A. 27/06/2013 Oscar López Area I+D+i ¡Síguenos en Redes Sociales!

Editor's Notes

  1. Seguridad TI y ahorro de costes es posible?
  2. Seguridad TI y ahorro de costes es posible?